I never said nuffin!!!! -----Original Message----- From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: Thursday, March 17, 2005 2:31 AM To: ISA Mailing List Subject: [isalist] RE: Message Screener vs. GFI - First time setup... http://www.ISAserver.org > Yes, I don't mind having remote clients change an IP. Is there a > reason why > you chose port 587..?? Is this a common practice? > > I assume then that if something comes in on the standard SMTP port, there's > no way to differintiate between an SMTP server sending mail and a legitimate > user relaying mail. Correct? Port 587 is the proposed RFC for an alternative port for SMTP Authenticated users only. I am not sure exactly which e-mail servers are actually capable of only accepting outgoing e-mail via port 587 from authenticated users, but the intent is that an answer to all the zombies out there spewing filth through the unknowning users ISPs mail servers. Many ISPs are now blocking outbound port 25 in an attempt to quelch or stem the flow of that filth from their networks. What some of us are planning is that we would have 2 or more gateway SMTP servers that are the MX records and accept all incoming e-mail from the Internet. Those gateways then forward the messages to the production or backend server for delivery to uses. That production or backend server would only accept e-mail from either the gateway servers or from authenticated users via port 587. I have now probably explained more than what most Exchange admins understand, but in this day and age, you can not just administer the Exchange server. You have to understand and interact with DNS, SPAM, Viruses, other e-mail admins and so forth. Do the production e-mail servers you have support LDAP? If so, you best bet is to use a gateway server that can make LDAP queries to update a user database, either in realtime or scheduled. I have not used GFI MailSecurity or Mail Esentials, but the MS IIS SMTP message screener is not an option for you. If you are interested in other options, you can contact me off list for some recommendations. The reason I am saying this is because you are obviously an ISP or ASP and this goes beyond the intend scope for this list. And no Steve, I am not going to try selling him my services. With 1000 domains, he needs a dedicated box as the gateway, or even 2 gateways. John Tolmachoff Engineer/Consultant/Owner eServices For You ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx The haggis is unusual in that it is neither consistently nocturnal nor diurnal, but instead is active at dawn and dusk (crepuscular), with occasional forays forth during the day and night.