Re: Unable to reach POP server

From: Phillip Windell (_at_.)
Date: 09/08/04 

Date: Wed, 8 Sep 2004 15:38:25 -0500

"Bryan Linton" <blinton@nospam.connellinsurance.com> wrote in message
news:esqJw5dlEHA.3432@TK2MSFTNGP14.phx.gbl...
> "Phillip Windell" <@.> wrote in message
> news:O5WBMSRlEHA.3104@TK2MSFTNGP14.phx.gbl...
>
> > That is actually a good way to do that. I would not criticize her.
> > Separating "jobs" out to different public IP#s is more flexable and
> > scaleable then trying do everthing with on one public IP#.
> <snip>
>
> Thanks for the reply. I actually wasn't criticizing, I honestly was not
> sure why she did it that way. In my case, the 1:1 NAT is interfering with
> my port-forwarding requirements, but I can see how multiple IP addresses
> could give additional flexibility, now that you mention it.
>
> The dilemma I have is how to let our external users relay mail off our
> server. All incoming traffic on port 25 is relayed to our spam firewall,
so
> any attempt to connect to our mail server on port 25 would also be
directed
> to the spam firewall. Do I need to set my mail server's SMTP port to an
> unassigned, non-standard port number? Like, say, port 60?

No. The users would simply use the Spam filter's SMTP service just as if it
was the regular mail server's SMTP. They would not know the difference. It
is up to the Spam Filter to be able to determine if they should be allowed
to relay or not. The real mail server would never even see or touch the
user's outbound mail. The message would simply go from the user mail
client's "outbox" (Outlook Express?) to the Spam Filter's SMTP Service where
is is tested to see if it is spam, then tested to see if the user is allowed
to relay, and then it would be "relayed" directly to whereever it is
supposed to be destined,...it would never get to nor touch the regular mail
server.

POP3 on the other hand is a spearate service all together. The user connects
directly to the POP3 Service on your real Mail Server to be able to pick up
their mail. They would do this via the way your Firewall if rigged to pass
the POP3 traffic on to the real mail server. The spam filter machine is in
no way involved in this. 

-- 
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Relevant Pages

  • Re: Connection Closed vs. Timed Out when blocking port
    ... We implemented this concept called "Nolisting" to prevent spam. ... that the primary MX server responds back "connection refused", ... But blocking port 25 does not ... If there is an SMTP service running on ...
    (microsoft.public.windows.server.networking)
  • Re: Current status?
    ... You would still need to know who your MTA is ... justification for allowing anybody to use port 25. ... to the problem of how to get the email system to be more immune to SPAM. ... your ISP should never allow you ...
    (comp.os.vms)
  • Re: Current status?
    ... spam will not stop because you start blocking port 25. ... I still won't use the idiots running the ISP for my mail. ...
    (comp.os.vms)
  • Re: Need advice about hacking and security
    ... All of my email accounts - Hotmail, Yahoo, ... The email is the kind of spam that everyone gets ... Install a firewall, and sandbox any known security risks such as MS Office, ... a few port scanners. ...
    (comp.security.misc)
  • Re: Outlook 2007 sending spam email with my mail
    ... of a botnet, but the bounces you're getting back are probably not an indication of that, and I don't think that the real email you're sending to people has any part in that process. ... The fact that Comcast has you using an alternate port for SMTP does indicate that maybe your machine is spamming and they are blocking port 25 from you, knowing that you can switch Outlook to a different port, but the botnet software won't be able to make that change. ... Also Comcast won't let me use the normal SMTP port but this 587 one to block "my spam" going out. ...
    (microsoft.public.outlook)