MSA & MTA & Milters Was [Re: Firewall and NAT]

Ow Mun Heng Ow.Mun.Heng at wdc.com
Wed Nov 3 10:27:48 UTC 2004


On Wed, 2004-11-03 at 16:38, Paul Howarth wrote:
> On Wed, 2004-11-03 at 02:13, Ow Mun Heng wrote:
> > If however, the original poster only wanted to open up a MTA/MSA for his
> > user that has port 25 blocked by the ISP,  port-forward the default
> > port 25 to another server running a MTA on say port 2525. That way,
> > there's only 1 listening MTA.
> 
> Let's compare the two solutions:
> 
> Port forward port 2525 to port 25:
> * Only one daemon running, listening on two ports (plus separate MSP
> instance).
> * Port 2525 accepts mail from any client without requiring
> authentication for local delivery (though of course it's needed for
> relaying, just as it is on port 25).
> * Does not necessarily fix up mis-formatted mail submissions, e.g. with
> non-fully-qualified hostnames/addresses etc. (depends on whether you're
> using the `always_add_domain' feature, masquerade settings etc.).
> 
> Separate MSA on port 587 and MTA on port 25:
> * Only one daemon running, as MSA on port 587 and MTA on port 25 (plus
> separate MSP instance). Check the output of ps to verify this for
> yourself.

  799 ?        Ss     0:00 sendmail: accepting connections       
  802 ?        Ss     0:00 sendmail: Queue runner at 00:30:00 for /var/spool/clientmqueue

There are 2 instances.

> * Port 587 can *require* authentication for all clients, preventing
> unauthorised use for local delivery

I'm on a laptop. I'm the only pre-configured user. So, for mine, the MSA
does not need authentication. Firewall walls up the MSA (and the MTA).


> * MSA fixes up mis-formatted mail submissions, e.g. with
> non-fully-qualified hostnames/addresses etc.
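
The "separate MSA on port 587 and MTA on port 25" arrangement compared above, written as a sendmail.mc fragment. This is an added example, not part of the original message; the mechanism list and the AUTH options are assumptions, and they need a sendmail built with SASL support (plus STARTTLS for the `p` option to allow PLAIN/LOGIN).

```m4
dnl # Added example (not from the thread): MTA on 25, authenticated MSA on 587.
dnl # Suppress the built-in MSA (Port=587, Name=MSA, M=E) so it can be
dnl # redefined below with different modifiers.
FEATURE(`no_default_msa')dnl
dnl # Port 25: ordinary MTA. Accepts mail for local delivery from any client;
dnl # relaying is still subject to the usual relay checks.
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl # Port 587: MSA. Modifier E disallows ETRN; modifier a always requires
dnl # authentication, so unauthenticated clients cannot submit mail here,
dnl # not even for local delivery.
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl # Assumption: mechanisms offered to clients and trusted for relaying.
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
dnl # Assumption: A is the usual client-side AUTH= setting; p refuses
dnl # plaintext mechanisms unless a security layer (STARTTLS) is active.
define(`confAUTH_OPTIONS', `A p')dnl
```

After regenerating sendmail.cf from this file and restarting sendmail, the ps check mentioned in the thread still shows one listening daemon plus the client queue runner.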




