truman at suspicious.org
Sun Sep 7 16:43:38 CDT 2008
On 7/09/2008, at 5:31 PM, Michael Thomas wrote:
> Eugeniu Patrascu wrote:
>> On Sep 3, 2008, at 8:08 PM, Winders, Timothy A wrote:
>>> Yes, setting up a 587 submit server internally would be best, but
>>> man power
>>> is at a premium and it hasn't happened.
>> I don't know what SMTP server you're using, but on Postfix you just
>> need to uncomment one line in master.cf, do a reload and that's it.
>> it takes less than a minute to do it on server. YMMV.
> Would that it were so easy :) You also have the more daunting task
> of hooking up your auth/aaa infrastructure with your MTA's, and all
> of the care and feeding that entails.
Exactly. The binding to port 587 is the easy part. The
authentication / TLS setup is slightly more complex in most networks.
This usually requires the running of another daemon on your MTA or
another reachable host in your network, which takes some time to get
up and running. Secondly you likely want to use a signed certificate
for your port 587 TLS connections, which means going through the cert
signing process with a CA.
More information about the NANOG