Re: MSA & MTA & Milters Was [Re: Firewall and NAT]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2004-11-03 at 02:13, Ow Mun Heng wrote:
> Okay, let's put it this way. For users such as myself, who uses *nix and
> is sure that there are _no_ malware that affects 99% of the non
> *nix/*bsd systems, then usage of the MSA w/o any milters is useful.
> 
> If however, the original poster only wanted to open up a MTA/MSA for his
> user that has port 25 blocked by the ISP, I see no reason in just
> running another MTA in another port for that user. (but frankly, all
> that trouble for the 1 user? hehe) Better yet, port-forward the default
> port 25 to another server running a MTA on say port 2525. That way,
> there's only 1 listening MTA.

Let's compare the two solutions:

Port forward port 2525 to port 25:
* Only one daemon running, listening on two ports (plus separate MSP
instance).
* Port 2525 accepts mail from any client without requiring
authentication for local delivery (though of course it's needed for
relaying, just as it is on port 25).
* Does not necessarily fix up mis-formatted mail submissions, e.g. with
non-fully-qualified hostnames/addresses etc. (depends on whether you're
using the `always_add_domain' feature, masquerade settings etc.).

Separate MSA on port 587 and MTA on port 25:
* Only one daemon running, as MSA on port 587 and MTA on port 25 (plus
separate MSP instance). Check the output of ps to verify this for
yourself.
* Port 587 can *require* authentication for all clients, preventing
unauthorised use for local delivery.
* MSA fixes up mis-formatted mail submissions, e.g. with
non-fully-qualified hostnames/addresses etc.

I know which I prefer!

Paul.
-- 
Paul Howarth <paul@xxxxxxxxxxxx>


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux