Firewall and NAT
Paul Howarth
paul at city-fan.org
Mon Nov 1 18:48:35 UTC 2004
On Mon, 2004-11-01 at 18:38, Leonard Isham wrote:
> On Mon, 01 Nov 2004 16:16:40 +0000, Paul Howarth <paul at city-fan.org> wrote:
> > Neil Marjoram wrote:
> > > Can someone help me, this is driving me nuts!
> > >
> > > I currently run sendmail on port 25, I have had a requirement to install
> > > smtp_auth, which all works fine. However I now find out that one of my
> > > users ISP's blocks port 25 so he can't access the mail anyway.
> > >
> > > The answer? NAT port 10025 or what ever to port 25.
> >
> > Whilst this doesn't answer your question, is there any particular reason you
> > didn't just open port 587 in your firewall and use the MSA, which sendmail
> > runs by default for this very purpose?
> >
> > Paul.
>
> As for why not run MSA?
>
> "MSA port should be limited to internal hosts (e.g., firewalled from
> external world)"
> - http://www.sendmail.org/~gshapiro/8.10.Training/MSA.html
>
> I presum the issue is an issue with sending mail. Why not configure
> the e-mail client to send e-mail via the local ISP?
Because that way a roaming user would have to reconfigure their mail
software every time there were in a different place, with a different
ISP. RFC 2476 on Message Submission cites "Implement authenticated
submission, including off-site submission by authorized users such as
travelers" as one of its motivations. Since the MSA is not significantly
different in functionality to the MTA, I really don't see any reason why
it should be firewalled off.
Paul.
--
Paul Howarth <paul at city-fan.org>
More information about the fedora-list
mailing list