Re: [exim] Setup for authenticated submission

Jakob Hirsch wrote:

> Nigel Wade wrote:
>
>
>>I'm in the process of deciding how to configure our mail server to provide
>>client submission (port 587, and possibly 465). I'm looking for general
>>tips, and do's and dont's for its configuration. The purpose is to allow
>>authenticated client submission over SSL from the Internet. We are not
>>able to allow port 25 submission, hence the requirement to setup port
>>587/465.
>
>
> It depends on your requirements.
> I have only one rule: You have to AUTH before you can submit. I have also
> disabled AUTH on port 25, but that's optional.
>
>
>>I'm currently leaning towards the idea of a separate Exim process handle
>>mail submission, and for this to relay the mail to the main Exim process
>
>
> I don't see why you should do that. It complicates things unnecessarily.
> But that, again, depends on your requirements.
>
> I also saw somebody having port 587 in tls_on_connect, which I think is a
> bad idea. While RFC 2476 does not explicitly specify it, all installations
> I know of use STARTTLS.
>
>
>

DOTS. (Depends On The Situation).

We have the "luxury" of not having to cater to WinWoes or Apple 'native'
alleged-MUA's, and use different SSL arrival ports for:

- faster setup than STARTTLS

- helping 'ban' MUA's we don't want to support anyway

- selecting different acl routing rules for different user groups

Admittedly non-standard, I will agree, but derned handy... ;-)

Bill