Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Postini lockdown = Dead SMTP for users

Status
Not open for further replies.

Hagfish

MIS
Jan 20, 2005
88
US
So, I'm helping out a buddy whose company recently signed up for the postini spam filtering service. Here's the twist, they run an offsite/co-lo (archaic) POP3 email server (imail 6).

So here's the deal. Postini tells me for the service to be effective, I need to lock down port 25 for only the postini range of IP's - Ok, no big deal - done. Here's where the problem comes in.

Because the mail server is offsite, the users at the office rely on hitting the server on port 25 to send mail, and of course at this point, they're blocked!!! And as far as I can tell on this old-arse email server, there seems to be no way to add an additional port for the server to listen on for smtp. One thought I had is to just come up with a random port number and have it redirect to 25 at the co-lo site, but then we'd have to get everyone to change their default smtp port, or go around do it for them (a lot of users).

Anything I'm not thinking of to make this headache go away? Thanks
 
You don't HAVE to lockdown port 25. It just enhances things as SMTP traffic can only get into the server via Postini. Google (Postini) has the same assumption as most other cloud based solutions - you're using a real email server and not a POP3 server.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Thanks for the reply -- I do understand that it's not a must. Unfortunately, I think this is one of those situations where it really does need to be locked down. This company is inundated with spam -- and Postini, in its current state, is helping, but way too much still getting by because of the spammers going straight into the server.
 
I hear ya, but for the interim, what do you think about the idea of leaving imail listening on 25 (for postini), but coming up with a random port to configure on the clients and have the pix forward it on the inside to 25?
 
So, you have the Postini servers IP addresses setup to pass through/use Port 25. This is great, for that service. This Does help to fight the Direct Spam to the POP box off site.

If you are not going to have the users at "The Office" change their Email Client configuration to utilize a different port, then you Could consider opening the Off site to connection over port 25 FROM -The Office- IP address/s.

In this scenario only Postini and your Office IP's would be able to communicate with your off site email server, thus eliminating the "Direct Spam" to the email server, and still allowing your Office users to connect to their email.

_____________________________________________

Michael Kennedy
Support Engineer
mkennedy@hostmysite.com

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top