Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: mouss (moussnetoyen.net)
Date: Fri Oct 24 2008 - 03:03:08 CDT
Byung-Hee HWANG a écrit :
> mouss wrote:
>> Byung-Hee HWANG a écrit :
>> - Use the submission port (587) with TLS+SASL.
> What is different between using 25 and using 587?
587 has been reserved for mail submission. It is a good practice to
separate the flows. some advantages:
- you can have different configs without losing your hair trying to
arrange smtpd restrictions to cope with both submission (aka outbound
mail) and MX (aka inbound mail).
- you can firewall port 25 (block some networks). your users will still
be able to connect to 587.
- malware that naively connects to port 25 will be detected thanks to
your firewall alerts/logs.
- you can easily enable header and/or body rewrite (such as fixing
incomplete addresses, ..) for submitted mail without touching "inbound"
of course, migration should always be implemented incrementally. you can
still allow users to submit via 25 while migrating users...