[olug] iptables question

Phil Brutsche phil at brutsche.us
Wed Jun 13 18:05:49 UTC 2007


Noel Leistad wrote:
> Bad news ... all smtp-auth requests blocked as "out of network".

You shouldn't use port 25 for authenticated SMTP. The RFCs (specifically
RFC 2476) recommend that email clients submit mail over port 587.

Port 25 -> MTA (mail transport, aka server <-> server)
Port 587 -> MSA (mail submission, aka client -> server)

> Anyone know how to create an iptables chain that recognizes smtp-auth 
> that would allow auth attempt w/ jump to ACCEPT if validated before my 
> DROP statement.....

Sorry, iptables doesn't understand SMTP and I think that firewalls that
understand SMTP are more trouble than they're worth. Stuff like this is
best handled by a proper MTA.

-- 

Phil Brutsche
phil at brutsche.us
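
The port split described in the reply above, sketched as an iptables ruleset. This is an added example, not part of the original message. The LAN range 192.0.2.0/24, the chain layout and the choice to keep port 25 limited to the LAN are assumptions; requiring AUTH on port 587 is the MTA's job, since iptables only sees TCP ports.

```shell
#!/bin/sh
# Added example (constructed): prints a ruleset, applies nothing.
# LAN_NET is a placeholder documentation range, not a value from the thread.
LAN_NET="${LAN_NET:-192.0.2.0/24}"

# Emit the filter table in iptables-restore format.
# To load it (as root): smtp_rules | iptables-restore --test, then without --test.
smtp_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Port 587 (MSA, client -> server): reachable from any source address.
# The MTA must be configured to refuse relaying here without SMTP AUTH.
-A INPUT -p tcp --dport 587 -m conntrack --ctstate NEW -j ACCEPT
# Port 25 (MTA, server <-> server): assumption - only the local network
# may connect, matching the "out of network" blocking in the question.
-A INPUT -s $LAN_NET -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# Everything else hits the explicit DROP, so the ACCEPT rules must precede it.
-A INPUT -j DROP
COMMIT
EOF
}

# Line number of the first rule containing the fixed string $1
# (empty output if no rule matches). Used to check rule ordering.
rule_line() {
    smtp_rules | grep -nF -e "$1" | head -n 1 | cut -d: -f1
}

# Succeeds only if the port 587 ACCEPT comes before the final DROP.
submission_before_drop() {
    msa=$(rule_line "--dport 587")
    drop=$(rule_line "-A INPUT -j DROP")
    [ -n "$msa" ] && [ -n "$drop" ] && [ "$msa" -lt "$drop" ]
}

if [ "${1:-}" = "print" ]; then
    smtp_rules
fi
```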