On 10/24/2011 12:22 PM, David C. Rankin wrote:
What I don't want to do is mess up my port 25 normal operations. That's the part I don't have sorted yet. The "what do I need to do to enable relay from the phone (on whatever port) and not mess up the normal server operations for the rest of the mail?"
Why the second port anyway? Can't I just configure postfix to authenticate me from my phone and just send using port 25? There may very well be valid reason that configuring on port 587 is better and the way to go, but that's what I'm trying to figure out...
Hi David, A couple of factors are at play here. (I hope I get this right) First, you have to authenticate yourself to your mail server if you want to relay mail. If you allow anonymous connections, spammers will have their way with your server. But, sending usernames and passwords in the clear over port 25 is also a risk, so you need to wrap your authentication dialog with SSL/TLS. Two ports? The issue here is that many ISP's block outgoing port 25 to force you to use their own SMTP servers. Outgoing port 587 is usually open, allowing you to connect to your server via an encrypted connection. Port 25 remains open allowing your server to continue to accept mail for local accounts as usual. There are other ways to do the authentication bit. I've used pop-before-smtp in the past, which is a bit clunky, but it works. This method blocks SMTP relaying until a successful authentication dialog is negotiated via pop or imap. The sending IP address is then opened for relaying for a defined period of time. This assumes that people will check their incoming mail before trying to send. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org