Author: Ian Eiloart Date: To: Exim Users Subject: Re: [exim] using port 587 for submission?
> On 3 Sep 2015, at 12:07, hw <hw@???> wrote:
>
>
> Hi,
>
> starting with the example configuration, what do I need to do to set up exim for relaying messages from MUAs which should be allowed to connect from the internet and from the LAN to the mail server on the LAN?
>
> It seems to me that the example configuration already has some things in place for this, and that I need to somehow make it so that the MUAs can authenticate themselves. Of course, the connections should be encrypted.
>
> I haven't found a guide to this yet. What are best practices to do this? A pointer to a good documentation about this, and any hints, would be greatly appreciated.

One thing we do is to separate out our MX service from our MSA. So, they’re at a separate domain (MSA on "smtp" for compatibility with some client autoconfiguration algorithms, MX can be on any address).

So, our MX server listens only on port 25, offers encryption but not authentication. It doesn’t accept mail from our own domain, unless the headers demonstrate that the mail has previously been authenticated here.

Our MSA listens on ports 25/587 and 465. We recommend port 587, but assist autoconfiguration where we can. Authentication requires encryption, and authentication is required when the client is off-campus, or on most end-user subnets.

We try to avoid talking about port 25 wrt client configuration, since many sites and ISPs (including ours) block its use outbound. We block inbound and outbound port 25 at the campus firewall, except for our mail gateways.

--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
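
The MSA policy described in the message above, sketched as Exim configuration changes on top of the stock example configuration. This is an added example, not the poster's own configuration: the subnet and certificate paths are placeholders, the MSA is assumed to be submission-only (no inbound MX role), and an `authenticators` section is assumed to be defined separately.

```exim
# ---- main section (MSA host) ----

# Listen on the three ports named in the message; 465 is TLS-on-connect,
# 25 and 587 use STARTTLS.
daemon_smtp_ports    = 25 : 465 : 587
tls_on_connect_ports = 465

# Offer TLS to every client. Paths are placeholders.
tls_advertise_hosts = *
tls_certificate     = /etc/exim/tls/PLACEHOLDER.crt
tls_privatekey      = /etc/exim/tls/PLACEHOLDER.key

# "Authentication requires encryption": AUTH is advertised only after
# the session has negotiated TLS ($tls_in_cipher is empty before that).
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}

# Hosts allowed to relay WITHOUT authenticating. Keep this to trusted
# server subnets; end-user subnets and off-campus clients are left out
# so they must authenticate. 192.0.2.0/24 is a documentation range.
hostlist relay_from_hosts = 192.0.2.0/24

acl_smtp_auth = acl_check_auth
acl_smtp_rcpt = acl_check_rcpt

# ---- ACL section ----
begin acl

acl_check_auth:
  # Hiding AUTH is not enforcement: refuse the AUTH command itself on
  # a cleartext session, even if a client sends it unadvertised.
  accept  encrypted = *
  deny    message   = TLS is required before AUTH

acl_check_rcpt:
  # Authenticated clients may submit from anywhere.
  accept  authenticated = *
          control       = submission

  # Trusted server subnets may submit without AUTH.
  accept  hosts         = +relay_from_hosts
          control       = submission

  # Assumption: this host is submission-only, so everything else is refused.
  deny    message       = Authentication required; use port 587 with STARTTLS
```

On the separate MX host the counterpart is `daemon_smtp_ports = 25` with TLS advertised and `auth_advertise_hosts` left empty, so authentication is never offered there.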