[107590] in North American Network Operators' Group
Re: ingress SMTP
daemon@ATHENA.MIT.EDU (Truman Boyes)
Sun Sep 7 17:43:55 2008
From: Truman Boyes <truman@suspicious.org>
To: Michael Thomas <mike@mtcc.com>
In-Reply-To: <48C44846.8050308@mtcc.com>
Date: Sun, 7 Sep 2008 17:43:38 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On 7/09/2008, at 5:31 PM, Michael Thomas wrote:
> Eugeniu Patrascu wrote:
>>
>> On Sep 3, 2008, at 8:08 PM, Winders, Timothy A wrote:
>>
>>>
>>> Yes, setting up a 587 submit server internally would be best, but
>>> man power
>>> is at a premium and it hasn't happened.
>>>
>>
>> I don't know what SMTP server you're using, but on Postfix you just
>> need to uncomment one line in master.cf, do a reload and that's it.
>> it takes less than a minute to do it on server. YMMV.
> Would that it were so easy :) You also have the more daunting task
> of hooking up your auth/aaa infrastructure with your MTA's, and all
> of the care and feeding that entails.
>
> Mike
Exactly. The binding to port 587 is the easy part. The
authentication / TLS setup is slightly more complex in most networks.
This usually requires the running of another daemon on your MTA or
another reachable host in your network, which takes some time to get
up and running. Secondly you likely want to use a signed certificate
for your port 587 TLS connections, which means going through the cert
signing process with a CA.
Truman
