[nzlug] Regarding: Postfix + SASL authen............

Wed Mar 5 08:56:34 NZDT 2008

Graham,

If it's xtra your talking about, you can opt out of the port 25 block.
You can do it here:

https://selfservice.xtra.co.nz/live/selfservice/serviceprofile/OpenPort25

On Sat, 2008-03-01 at 16:23 +1300, Mark Foster wrote:
> Graham,
> 
> What you suggest doesn't address the query.
> 
> Me, I'd probably just set up smtp-auth and run the SMTP server on another 
> port, to achieve what is specifically being asked.
> 
> The reason for doing it that way?  Could be a number of reasons, but off 
> the top of my head, the ISP concerned is quite likely Xtra, and thus the 
> 'normal internet email' method would be to relay the traffic through 
> smtp.xtra.co.nz.  This of course puts a third party in the loop and makes 
> the process invisible to you, and reliant on Xtra's reliability as a mail 
> delivery agent.  They don't have the best track record, so I understand 
> the desire to keep it in-house.
> 
> SMTP-Auth on a non-standard port would seem easiest, have I overlooked 
> some reason that isn't an option? (Ok, its a daemon and not a mail client 
> but surely this can be worked around...)
> 
> Another one may be smtp-after-pop type mechanisms, have the box connect to 
> a dummy pop3 account every 15 minutes and rig it up so the IP that does so 
> successfully is allowed to relay through you (on your non standard port) 
> for a given period (say 35 minutes... just over two pop3 intervals) 
> afterward.
> 
> Mark.
> 
> 
> On Sat, 1 Mar 2008, graham dixon wrote:
> 
> > It is a strange ISP that doesn't allow emails !
> > Why not just send the email through normal internet email ?
> > (K.I.S.)
> > cheers
> > Graham
> > =======================================
> >
> > Message: 5
> > Date: Thu, 28 Feb 2008 20:42:07 +1300
> > From: Philip Murray <pmurray at nevada.net.nz>
> > Subject: Re: [nzlug] Postfix + SASL authencation to another Postfix
> > To: NZLUG Mailing List <nzlug at linux.net.nz>
> > Message-ID: <DB811EEE-7DB8-4644-8B67-3BB6DF82B047 at nevada.net.nz>
> > Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
> >
> >
> > On 28/02/2008, at 5:59 PM, Chris Hodgetts wrote:
> >
> >> Hey,
> >>
> >> I was wondering, if anyone knows how to do this?
> >>
> >> I have a machine outside my network, the ISP it's connected to blocks
> >> port 25. (and has a non-static public address).
> >>
> >> I want the postfix instance on it to connect back to our primary
> >> postfix
> >> server(on a static IP), on another port, and authenticate via sasl so
> >> this box can deliver messages back to us here in the office.
> >>
> >> Postfix on the hostile network is only listening to 127.0.0.1, and in
> >> reality the only mail from this box will be log checks, and so forth,
> >> standard admin emails.
> >>
> >> If the remote box had a static IP I would just add that address to
> >> mynetworks but as it doesn't, I thought this could be a good way to
> > do
> >> it.
> >>
> >> Unless anyone has any other suggestions...
> >>
> >
> > My other suggestion is to do it with an SSL client certificate. On
> > your primary postfix, add another smtp transport (in master.cf, on
> > whatever port is appropriate) and use the option
> >
> > smtpd_client_restrictions = check_ccert_access, ...etc...
> >
> > And add the certificate fingerprint to whatever access(5) table you
> > want to use.
> >
> > On the client postfix, just configure it to send outbound email with
> > your shiny new SSL cert.
> >
> > Digging around postconf(5) should give you all the options you need
> >
> > Cheers
> >
> >
> > Send instant messages to your online friends http://au.messenger.yahoo.com
> > _______________________________________________
> > NZLUG mailing list NZLUG at linux.net.nz
> > http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
> >
> 
> _______________________________________________
> NZLUG mailing list NZLUG at linux.net.nz
> http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
-- 
Daniel Reurich

Centurion Computer Technology (2005) Limited.
Ph: 021 797 722