OT: Need some system advice please

Ken Goods KGoods at AIAInsurance.com
Tue Feb 27 01:57:57 CET 2007 

Chris wrote:
You could use a port forwarding solution.  Forward say port 993 external
to port 25 internal.  That way if something breaks as you put it and you
need to open port 25 from the internet you still can and it won't break
anything.

There simple fix.

Chris
> 1. Have Exchange inbound SMPT listen on an alternate port and
> configure the email clients to use this as their outgoing mail server
> port.
> Pros: Allows me to continue blocking port 25 to the Exchange Server
> from the internet. Fairly easy to implement.
> Cons: If something when wrong with the MailScanner box I would have to
> change the port back to 25 and open it to get regular mail and this
> would break the POP users accounts. It's possible (though not likely)
> that spammers could discover the port that SMTP is listening on and
> direct their spam to that port effectively rendering filtering
> useless. And there could be other problems that changing the SMTP port
> could do on an Exchange Server that I don't even know about. :)  
>  
>

Chris,
Excellent! Never even thought of that... too many other things to think
about. :)

Thanks so much Chris... I was looking for something easy and this could very
well fit the bill.

I've never done port forwarding but I'm assuming this could be done on my
firewall (linux iptables in bridge mode) through NAT or masquerading? Am I
close??? If so I think I can figure it out from there. If I'm way off base
I'd appreciate a nudge in the right direction.

I know I could use setups as were suggested earlier in this thread (and I do
appreciate the suggestions), but I have much more to do than just email. As
a matter of fact if I spend more than 30 minutes a week on the email server
the boss frowns a bit. :) I'm thinking if I port forward as you suggested
all I'd have to do is to point the users SMTP server port to the external
port and whala... done! One or two lines in the firewall rules and I'm good
to go. Or am I oversimplifing? 

Thanks again for a wonderfully simple yet workable fix. Pure genius! :)

Ken Goods
Network Administrator
CropUSA Insurance, Inc.

More information about the MailScanner mailing list