MSA & MTA & Milters Was [Re: Firewall and NAT]

Paul Howarth paul at city-fan.org
Wed Nov 3 08:21:01 UTC 2004


On Wed, 2004-11-03 at 06:43, Ow Mun Heng wrote:
> On Wed, 2004-11-03 at 11:54, Alexander Dalloz wrote:
> > I must confess that you lost me somewhere. I do not understand your
> > point. If the auth data of a client/user is misused on the client side -
> > how should the server detect this?
> 
> I'm not saying it can be detected. My point is simply, assuming these:
> 
> 1. MSA on port 587, MTA on port 25.
> 2. Milters running on port 25
> 3. No Milters running on port 587.
> 4. Incoming external mail goes to port 25
> 5. Internal outgoing mail goes to port 587
>     (SMTP AUTH/TLS etc)
> 
> that outgoing mails are _not_ scanned by any milters (to save cpu
> cycles). (I still need to check on that - I just did, since my
> submit.mc points my msp to localhost, it's getting miltered. Drats)

Perhaps we should start again from first principles. The key difference
between the MSA and the MTA is that the MSA is targeted at outgoing mail
and the MTA is targeted at incoming mail. So clearly you are going to
want anti-virus/spam etc. filters on the MTA to deal with the incoming
menace. Whether you want such filters on the outgoing traffic is a
matter of preference, but splitting the functionality between MTA and
MSA gives you the option of not applying the same filters to outgoing
traffic if you don't feel the need to have them.

> > fetchmail can deliver the fetched mail differently than just to a
> > running MTA on port 25.
> 
> Are you talking about the -S option for fetchmail?
> (Keyword: smtp[host]) Specify a hunt list of hosts to forward mail to
> (one or more hostnames, comma-separated). Hosts are tried in list order;
> the first one that is up becomes the forwarding target for the current
> run. Normally, `localhost' is added to the end of the list as an
> invisible default. Each hostname may have a port number following the
> host name. The port number is separated from the host name by a slash;
> the default port is 25

You don't need an MTA (local or otherwise) to use fetchmail. You can use
an MDA (Mail Delivery Agent) like procmail to handle delivery instead:

poll mail.myisp.net
	with uidl
	protocol pop3
	user username
	pass "password"
	is me at myisp.net here
	mda "/usr/bin/procmail -d %T -f %F"
	fetchall
	nokeep
	;

Paul.
-- 
Paul Howarth <paul at city-fan.org>
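
An added example, not part of the original message or of any distribution's shipped configuration: a sendmail m4 fragment for the MTA/MSA split discussed above, with the milter attached only to the port 25 daemon. The milter name `clamav` and its socket path are assumptions; the final lines belong in submit.mc and point the MSP at port 587 so that locally submitted mail is not filtered either.

```m4
dnl ---- sendmail.mc ----
dnl Suppress the built-in MSA so the port 587 daemon can be declared explicitly.
FEATURE(`no_default_msa')dnl
dnl
dnl MAIL_FILTER defines the milter WITHOUT adding it to the global
dnl InputMailFilters list (INPUT_MAIL_FILTER would add it for every daemon).
dnl Assumption: filter name and socket path are placeholders for your milter.
dnl F=T makes sendmail tempfail mail if the milter is unavailable, so
dnl incoming mail is never accepted unscanned.
MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav-milter.sock, F=T, T=S:4m;R:4m')dnl
dnl
dnl MTA on port 25: incoming external mail, filtered.
DAEMON_OPTIONS(`Port=smtp, Name=MTA, InputMailFilters=clamav')dnl
dnl
dnl MSA on port 587: outgoing mail from internal clients, no milter listed.
dnl M=Ea disallows ETRN and requires SMTP AUTH, so skipping the filter
dnl here only applies to authenticated senders.
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

dnl ---- submit.mc ----
dnl With only the host argument the MSP hands local mail to port 25, which
dnl is why it ends up miltered. The second argument MSA selects port 587.
FEATURE(`msp', `[127.0.0.1]', `MSA')dnl
```

Because the MSP is a local, unauthenticated client, it can only use a port 587 daemon that does not demand AUTH from localhost; with `M=Ea` as above, either keep the MSP on port 25 or run a separate loopback-only submission daemon without the `a` modifier.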