On Wed, 2004-11-03 at 02:13, Ow Mun Heng wrote: > Okay, let's put it this way. For users such as myself, who uses *nix and > is sure that there are _no_ malware that affects 99% of the non > *nix/*bsd systems, then usage of the MSA w/o any milters is useful. > > If however, the original poster only wanted to open up a MTA/MSA for his > user that has port 25 blocked by the ISP, I see no reason in just > running another MTA in another port for that user. (but frankly, all > that trouble for the 1 user? hehe) Better yet, port-forward the default > port 25 to another server running a MTA on say port 2525. That way, > there's only 1 listening MTA. Let's compare the two solutions: Port forward port 2525 to port 25: * Only one daemon running, listening on two ports (plus separate MSP instance). * Port 2525 accepts mail from any client without requiring authentication for local delivery (though of course it's needed for relaying, just as it is on port 25). * Does not necessarily fix up mis-formatted mail submissions, e.g. with non-fully-qualified hostnames/addresses etc. (depends on whether you're using the `always_add_domain' feature, masquerade settings etc.). Separate MSA on port 587 and MTA on port 25: * Only one daemon running, as MSA on port 587 and MTA on port 25 (plus separate MSP instance). Check the output of ps to verify this for yourself. * Port 587 can *require* authentication for all clients, preventing unauthorised use for local delivery. * MSA fixes up mis-formatted mail submissions, e.g. with non-fully-qualified hostnames/addresses etc. I know which I prefer! Paul. -- Paul Howarth <paul@xxxxxxxxxxxx>
