Re: Firewall and NAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 01 Nov 2004 18:48:35 +0000, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
> On Mon, 2004-11-01 at 18:38, Leonard Isham wrote:
> 
> 
> > On Mon, 01 Nov 2004 16:16:40 +0000, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
> > > Neil Marjoram wrote:
> > > > Can someone help me, this is driving me nuts!
> > > >
> > > > I currently run sendmail on port 25, I have had a requirement to install
> > > > smtp_auth, which all works fine. However I now find out that one of my
> > > > users ISP's blocks port 25 so he can't access the mail anyway.
> > > >
> > > > The answer? NAT port 10025 or what ever to port 25.
> > >
> > > Whilst this doesn't answer your question, is there any particular reason you
> > > didn't just open port 587 in your firewall and use the MSA, which sendmail
> > > runs by default for this very purpose?
> > >
> > > Paul.
> >
> > As for why not run MSA?
> >
> > "MSA port should be limited to internal hosts (e.g., firewalled from
> > external world)"
> >  - http://www.sendmail.org/~gshapiro/8.10.Training/MSA.html
> >
> > I presum the issue is an issue with sending mail.  Why not configure
> > the e-mail client to send e-mail via the local ISP?
> 
> Because that way a roaming user would have to reconfigure their mail
> software every time there were in a different place, with a different
> ISP. RFC 2476 on Message Submission cites "Implement authenticated
> submission, including off-site submission by authorized users such as
> travelers" as one of its motivations. Since the MSA is not significantly
> different in functionality to the MTA, I really don't see any reason why
> it should be firewalled off.
> 
> Paul.
> --
> 
> 
> Paul Howarth <paul@xxxxxxxxxxxx>
> 

I suspect that these are the reasons sendmail.org recommends firewalling MSA:

Meant to be less strict on standards compliance
    * Addresses don't have to be fully qualified
    * Hostnames don't have to be fully qualified
    * Don't require "required" headers, e.g. Message-ID: and Date: 

-- 
Leonard Isham, CISSP 
Ostendo non ostento.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux