North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ingress SMTP

  • From: Truman Boyes
  • Date: Sun Sep 07 17:43:54 2008
On 7/09/2008, at 5:31 PM, Michael Thomas wrote:

Eugeniu Patrascu wrote:

On Sep 3, 2008, at 8:08 PM, Winders, Timothy A wrote:


Yes, setting up a 587 submit server internally would be best, but man power
is at a premium and it hasn't happened.


I don't know what SMTP server you're using, but on Postfix you just need to uncomment one line in master.cf, do a reload and that's it. it takes less than a minute to do it on server. YMMV. 
Would that it were so easy :) You also have the more daunting task
of hooking up your auth/aaa infrastructure with your MTA's, and all
of the care and feeding that entails.

Mike

Exactly. The binding to port 587 is the easy part. The authentication / TLS setup is slightly more complex in most networks. This usually requires the running of another daemon on your MTA or another reachable host in your network, which takes some time to get up and running. Secondly you likely want to use a signed certificate for your port 587 TLS connections, which means going through the cert signing process with a CA.

Truman