OT: how do You protect an email relay service?

Good day.


If You use an email relay service, how do You protect it: VMs, iptables
connections rate limit, ... ?

Personally, I have a problem with email sending authorization - how I can
separate the users that have not their boxes on our service and therefore I can
ban their trials to pick up a password - I can not reduce it even to the local
net IPs bt iptables - as port 25 is used for not only for sending our own users
but for receiving it for the local users - as I understand.


Thank You for Your time.


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...

On Sat, 30 May 2009, Sthu Deus wrote:

Consider using port 587 for submission. Allow only authenticated
sessions on port 587, and port 25 use only for comunication with
other MTAs.

see RFC 2746, 3.1

--
Regards,
Paweł Zuzelski


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...

Hi,
* Sthu Deus <sthu.deus@...> [2009-05-30 15:44]:
> If You use an email relay service, how do You protect it: VMs, iptables
> connections rate limit, ... ?

As you noticed yourself by marking this mail as OT this is
probably not the right list for your question. Please use a
different list.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@... - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Two ways:

for clients who have thier own mail servers and need to relay and for people
with Linux laptops who can run posfix or exim we permi relaying based on TLS
certificate presented by the MTA.

For those who use Windows based dekstops: pop-before-smtp daemon.

All others get greylisted: http://en.wikipedia.org/wiki/Greylisting

Cheers
Tomasz Ciolek

On Sat, May 30, 2009 at 02:54:16PM +0700, Sthu Deus wrote: --
Tomasz M. Ciolek
*******************************************************************************
 tmc at vandradlabs dot com dot au
*******************************************************************************
   GPG Key ID: 0x41C4C2F0
   GPG Key Fingerprint: 3883 B308 8256 2246 D3ED  A1FF 3A1D 0EAD 41C4 C2F0
   Key available on good key-servers
*******************************************************************************

hi

you can use sasl identification , spamassassin and greylist is a good trial solution

cheers

philippe
Le 31/05/2009 01:18, Tomasz Ciolek a écrit :

Two ways:

for clients who have thier own mail servers and need to relay and for people
with Linux laptops who can run posfix or exim we permi relaying based on TLS
certificate presented by the MTA.

For those who use Windows based dekstops: pop-before-smtp daemon.

All others get greylisted: http://en.wikipedia.org/wiki/Greylisting

Cheers
Tomasz Ciolek

On Sat, May 30, 2009 at 02:54:16PM +0700, Sthu Deus wrote:
  

Good day.


If You use an email relay service, how do You protect it: VMs, iptables
connections rate limit, ... ?

Personally, I have a problem with email sending authorization - how I can
separate the users that have not their boxes on our service and therefore I can
ban their trials to pick up a password - I can not reduce it even to the local
net IPs bt iptables - as port 25 is used for not only for sending our own users
but for receiving it for the local users - as I understand.


Thank You for Your time.


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...
    

Good day, Tomasz.

Thank You for Your reply:
>All others get greylisted: http://en.wikipedia.org/wiki/Greylisting

Well. I guess it was not easy to prove before a boss such a practise?


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...