Mailing List CGatePro@mail.stalker.com Message #92245
From: Thom O'Connor <thom@communigate.com>
Subject: Re: port 587 and authentication
Date: Wed, 15 Aug 2007 16:13:18 -0700
To: <cgatepro@communigate.com>
From:   Jeremy Webber
> I may be missing something, but I'm wondering how I can set up CGPro
> to listen on port 587 and require authentication (for submission),
> but still listen on port 25 and not require authentication (for MTA
> transmission). I can't see anything in the listener (which is the
> only place ports are mentioned) which would do this.

Hi -

It is important to understand that the MTA does not, technically,
"require authentication". It "offers authentication" on both ports 25
and 587:

# telnet mail.communigate.com 25
Trying 64.173.55.165...
Connected to mail.communigate.com (64.173.55.165).
Escape character is '^]'.
220 mail.stalker.com ESMTP CommuniGate Pro 5.1.12e is glad to see you!
ehlo there
250-mail.stalker.com domain name should be qualified there
250-DSN
250-SIZE 31457280
250-STARTTLS
250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI MSN NTLM
<snip>

SMTP Authentication is usually always offered. The client MTA or MUA may
choose to use it, or not. If the client MTA/MUA does not authenticate,
then CommuniGate Pro checks the (1) source IP of the connection and the
(2) recipient. If the recipient is a local address, the MTA (such as
CommuniGate Pro) by default always accepts the message.

This is how Internet-based e-mail functions on all "non-Client-IP" (and
non-relay) SMTP traffic.

So, in short - you don't need to configure SMTP Auth at all. Just
configure these SMTP Listener ports:

Port     Init SSL/TLS
----------------------
25       off
465      on
587      off

And you're ready to go...

Sincerely,
-t
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster