From: Andrew Long (fursinkgmail.com)
Date: Thu Feb 28 2008 - 09:41:16 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Feb 27, 2008 at 12:43 PM, Jorey Bump <listjoreybump.com> wrote:
> Andrew Long wrote, at 02/27/2008 11:47 AM:
>
>
> > This may be slightly off-topic, but I'm hoping someone can provide a
> > few clues for me. The postfix MTA acts as a selective relay for
> > certain IP's. These locations are wireless hotspots in hotels, where
> > the actual clients are guests coming and going willy nilly. We send
> > the smtp-server attribute via freeradius. Now, to my understanding,
> > spamassassin or clamav etc. are primarily designed to process incoming
> > mail for local recipients. What I want to do is process the mail that
> > is relayed to minimize the incidence of spam if a guest laptop becomes
> > infected or a local spammer manages to log on to the wireless. Can
> > someone point me in the right direction here or clarify my
> > understanding. Our ISP (Sprint) does not offer any relaying, so that
> > is not an option.
>
> Just curious: Why provide SMTP relay service at all? When would guests
> ever use it? It seems it would be useful only to spammers or malware
> scanning for open relays once they are on your network.

We are required by upper hotel management group to provide the relay.

> If you're proxying port 25, reconsider. It puts your guests at risk of
> exposing login information when they attempt to authenticate using
> existing configurations in their email clients. Blocking port 25
> completely is reasonable in your situation, as long as guests can use
> port 587 or webmail (once again, not proxied in any way).
>

What are implications of closing port 25 from the public in terms of
other MTX knowing how to communicate back with our MTX? I understand
587 is standard alt port, but what about changing to something
non-standard?

Andrew

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]