[clamav-users] clamav-milter LocalNet option / outgoing mail (Debian Wheezy)

Daniel Spies ds20150222clam at pskx.net
Mon Feb 23 08:46:36 EST 2015


On 02/23/2015 02:27 PM, Ian Eiloart wrote:
> If your goal is to separate authenticated from unauthenticated mail, the place to do it is not at the port, but at the IP address. Use a different server, and publish new MX records. Here, we don’t use a different physical server, we have two IP addresses on one physical interface, and separate Exim processes listening on the different IP addresses:

It's not exactly why I wrote to the list, but this would certainly make 
things a bit easier. Thanks, I'll definitively take that into 
consideration.

> The process configured to use mx.example.com would listen only on port 25
>
> The process configured to use msa.example.com (or more likely smtp.example.com to satisfy some autoconfiguration algorithms) would listen on ports 587, 25, and 465 (unfortunately, there are still clients that like to use this port for ssl-on-connect)

I disabled port 465 a while ago. However, I still have clients 
authenticating on port 25, which I learned is the default port for some 
applications when setting up STARTSSL (e.g. the Android AOSP mail 
client). This configuration would make things easier...

> Of course, our documentation and autoconfiguration servers all recommend port 587, but there’s no harm in (for example) local clients using port 25.
>
> I don’t use Postfix, so I don’t know whether you can configure it to listen only on one virtual interface. If not, you may need two physical hosts, or you might be able to do this on one host by virtualising your servers.

Postfix natively supports multi instance setups.

Daniel



More information about the clamav-users mailing list