Mailing List CGatePro@mail.stalker.com Message #92247
From: Nicolas Hatier <nicolas.hatier@niversoft.com>
Subject: Re: port 587 and authentication
Date: Wed, 15 Aug 2007 23:07:49 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Yes, it's forcing, since the server will not accept a non-auth connection. However, the client does not know AUTH is forced before trying (not) to.

Personally, I always recommend forcing SMTP AUTH. Auth is forced by default on port 587 and this can't be disabled, but forcing Auth on port 25 too will prevent impersonation, spammers sending you messages that seems to come from yourself (return-path).

However, forcing SMTP AUTH means you have to reconfigure all mail clients to use this method. Also, if one of your users send a message to another user on your server, but sends it from his home computer and passes through his ISP, the message will be bounced since the ISP will not do AUTH when connection to your server. This user will also have to reconfigure his mail client to send his mail directly through your server, usually on port 587 since his ISP will most likely block his port 25.

I hope this helped you understand.

Note: you could begin to reconfigure everything and not actually force auth right now. Just make sure auth is advertised correctly, and re-configured mail clients will use auth. Once most of them are reconfigured, force smtp auth for everyone and you'll have only a few support calls.

Nicolas

Karl Zander wrote:
On Wed, 15 Aug 2007 16:13:18 -0700
 Thom O'Connor <thom@communigate.com> wrote:
From:      Jeremy Webber SMTP Authentication is usually always offered. The client MTA or MUA may
choose to use it, or not. If the client MTA/MUA does not authenticate,
then CommuniGate Pro checks the (1) source IP of the connection and the
(2) recipient. If the recipient is a local address, the MTA (such as
CommuniGate Pro) by default always accepts the message.

This is how Internet-based e-mail functions on all "non-Client-IP" (and
non-relay) SMTP traffic.

So, in short - you don't need to configure SMTP Auth at all. Just
configure these SMTP Listener ports:

Port     Init SSL/TLS
----------------------
25       off
465      on
587      off

And you're ready to go...

I'm confused....for a domain, the Domain Settings offer an option to "Force SMTP AUTH for:" for nobody, non-clients, clients, everybody.  Is that not forcing the use of SMTP AUTH if non-clients, clients or everybody is selected?

--Karl

#############################################################
This message is sent to you because you are subscribed to
 the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>

--

Nicolas Hatier
Niversoft idées logicielles
http://www.niversoft.com


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster