MSA & MTA & Milters Was [Re: Firewall and NAT]

Paul Howarth paul at city-fan.org
Wed Nov 3 08:38:43 UTC 2004


On Wed, 2004-11-03 at 02:13, Ow Mun Heng wrote:
> Okay, let's put it this way. For users such as myself, who use *nix and
> are sure that there is _no_ malware that affects 99% of the non
> *nix/*bsd systems, then usage of the MSA w/o any milters is useful.
> 
> If however, the original poster only wanted to open up a MTA/MSA for his
> user that has port 25 blocked by the ISP, I see no reason in just
> running another MTA in another port for that user. (but frankly, all
> that trouble for the 1 user? hehe) Better yet, port-forward the default
> port 25 to another server running a MTA on say port 2525. That way,
> there's only 1 listening MTA.

Let's compare the two solutions:

Port forward port 2525 to port 25:
* Only one daemon running, listening on two ports (plus separate MSP
instance).
* Port 2525 accepts mail from any client without requiring
authentication for local delivery (though of course it's needed for
relaying, just as it is on port 25).
* Does not necessarily fix up mis-formatted mail submissions, e.g. with
non-fully-qualified hostnames/addresses etc. (depends on whether you're
using the `always_add_domain' feature, masquerade settings etc.).

Separate MSA on port 587 and MTA on port 25:
* Only one daemon running, as MSA on port 587 and MTA on port 25 (plus
separate MSP instance). Check the output of ps to verify this for
yourself.
* Port 587 can *require* authentication for all clients, preventing
unauthorised use for local delivery.
* MSA fixes up mis-formatted mail submissions, e.g. with
non-fully-qualified hostnames/addresses etc.

I know which I prefer!

Paul.
-- 
Paul Howarth <paul at city-fan.org>
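
The second setup compared above, as an added sendmail.mc fragment that is not part of the original post. The listener names, the mechanism list and the disabled port 2525 line (a stand-in for the port-forward case) are assumptions.

```m4
dnl Fragment for sendmail.mc (added example, not from the original post).
dnl Rebuild sendmail.cf from it and restart sendmail afterwards.
dnl
dnl Suppress the built-in MSA definition so it can be redefined below.
FEATURE(`no_default_msa')dnl
dnl
dnl MTA on port 25: accepts mail for local delivery from any client.
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl
dnl MSA on port 587. Modifier E disallows ETRN; modifier a makes
dnl authentication mandatory for every client on this port.
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl
dnl Weaker alternative, shown disabled: a second plain listener behaves
dnl exactly like port 25, so unauthenticated clients can still use it
dnl for local delivery.
dnl DAEMON_OPTIONS(`Port=2525, Name=MTA2')dnl
dnl
dnl SMTP AUTH mechanisms (assumed list; needs a working SASL setup).
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl Option p refuses plaintext mechanisms unless the session is encrypted.
define(`confAUTH_OPTIONS', `A p')dnl
dnl
dnl Add the local domain to unqualified addresses (feature named in the post).
FEATURE(`always_add_domain')dnl
```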



