On Wed, 2004-11-03 at 16:38, Paul Howarth wrote: > On Wed, 2004-11-03 at 02:13, Ow Mun Heng wrote: > > If however, the original poster only wanted to open up a MTA/MSA for his > > user that has port 25 blocked by the ISP, port-forward the default > > port 25 to another server running a MTA on say port 2525. That way, > > there's only 1 listening MTA. > > Let's compare the two solutions: > > Port forward port 2525 to port 25: > * Only one daemon running, listening on two ports (plus separate MSP > instance). > * Port 2525 accepts mail from any client without requiring > authentication for local delivery (though of course it's needed for > relaying, just as it is on port 25). > * Does not necessarily fix up mis-formatted mail submissions, e.g. with > non-fully-qualified hostnames/addresses etc. (depends on whether you're > using the `always_add_domain' feature, masquerade settings etc.). > > Separate MSA on port 587 and MTA on port 25: > * Only one daemon running, as MSA on port 587 and MTA on port 25 (plus > separate MSP instance). Check the output of ps to verify this for > yourself. 799 ? Ss 0:00 sendmail: accepting connections 802 ? Ss 0:00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue There are 2 instances. > * Port 587 can *require* authentication for all clients, preventing > unauthorised use for local delivery I'm on a laptop. I'm the only pre-configured user. So, for mine, the MSA does not need authentication. Firewall walls up the MSA(and the MTA) > * MSA fixes up mis-formatted mail submissions, e.g. with > non-fully-qualified hostnames/addresses etc.
