On Mon, 23 Mar 2015 06:58:21 +1000 Stuart Longland <stua...@longlandclan.yi.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 15/03/15 09:11, Joris Bolsens wrote: > >> Mail server, > > I thought about this, but from what i understand, mail servers are > > notoriously difficult to secure properly. > > The crucial bit is ensuring you don't openly relay all mail. Only > traffic from your authorised users. > > That's the major tricky bit. Nothing worse than coming home to a > modem running red hot and a mail queue crammed with Viagra spam. > (Been there, done that. On dial-up too no less.) There are basically two ways, with slight variations: you either relay only for authenticated senders, and organise your network machines to authenticate, or if your mail server is within your private network, you can relay only for hosts in that network address range. If your email server is outside your network, and not accessible by VPN, only the authentication method is possible. > > The only issue you might hit is port 25/tcp being blocked by your ISP. > You may have to relay outbound email via their SMTP server. I think that's quite rare, as I still get vast amounts of malware from domestic connections. What is more likely is that outgoing mail will not be accepted by many people for a variety of perfectly good spam-reducing reasons. Many ISPs don't care if their IP address blocks are on email blacklists, and won't make any attempt to have them removed. Many will not provide means of setting a proper PTR record for the IP address. In some parts of the world, it's difficult and/or expensive to obtain a fixed IP address, and while some kind of job can be done using a dynamic address, it's not ideal and almost certainly the address pool will be blacklisted, requiring the use of an outgoing smarthost. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150322214220.6e0f9...@jresid.jretrading.com
