The front-running suggestion, at present, is to have qmail start listening to some odd port number, set the proxy to listen on 25, and then have the proxy just forward to the "real" port. Fairly standard....
But, we're concerned about the pitfalls of this. The ones that we can see immediately are: 1) SMTP authentication (for our own users sending from foreign domains), and 2) TLS/SSL connections. The proxies we've looked at don't handle either of these (nor do we want them to), but it's unclear to us how configurable the proxies are in the matter of possibly doing realtime pass-through or handoff of SMTP-AUTH or TLS/SSL sessions to qmail.
Has anybody successfully dealt with these issues? What are some good routes? Do we just tell our users what the "real" port is? Or, do we do something like set up two IP's, have qmail listen on port 25 of one (and *only* accept mail that is either authenticated or from the second IP) and have the proxy operate on the other? Or, most likely, something that we haven't considered at all, yet?
- Joe
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature