Re: OT: how do You protect an email relay service?

To: Sthu Deus <sthu.deus@gmail.com>
Cc: debian security list <debian-security@lists.debian.org>
Subject: Re: OT: how do You protect an email relay service?
From: Paweł Zuzelski <z@xatka.net>
Date: Sat, 30 May 2009 13:46:09 +0200
Message-id: <[🔎] 20090530114609.GB3993@davabel>
In-reply-to: <[🔎] 4a20e651.09038e0a.10ee.34f5@mx.google.com>
References: <[🔎] 4a20e651.09038e0a.10ee.34f5@mx.google.com>

On Sat, 30 May 2009, Sthu Deus wrote:

> Good day.
> 
> 
> If You use an email relay service, how do You protect it: VMs, iptables
> connections rate limit, ... ?
> 
> Personally, I have a problem with email sending authorization - how I can
> separate the users that have not their boxes on our service and therefore I can
> ban their trials to pick up a password - I can not reduce it even to the local
> net IPs bt iptables - as port 25 is used for not only for sending our own users
> but for receiving it for the local users - as I understand.

Consider using port 587 for submission. Allow only authenticated
sessions on port 587, and port 25 use only for comunication with
other MTAs.

see RFC 2746, 3.1

-- 
Regards,
Paweł Zuzelski

Reply to:

References:
- OT: how do You protect an email relay service?
  - From: Sthu Deus <sthu.deus@gmail.com>

Prev by Date: Re: OT: Server protection strategy from evil doers - how to stop them.
Next by Date: Re: OT: how do You protect an email relay service?
Previous by thread: OT: how do You protect an email relay service?
Next by thread: Re: OT: how do You protect an email relay service?
Index(es):
- Date
- Thread