Require SMTP_AUTH on port 25, Support IPs allowed to relay (qmail)

I have an anti-spam firewall in front of our InterWorx boxes, which handles all of the mail incoming via MX records and delivers only the clean ones on to the InterWorx boxes. It works great, except spammers frequently ignore the MX records and send spam directly to the InterWorx boxes (obvious because all of the added anti-spam headers are missing).

I have our boxes configured as follows:

Non-PCI Compliant
Port 25: SMTP-AUTH available, TLS optional
Port 587: SMTP-AUTH required, TLS optional

PCI Compliant
Port 25: SMTP-AUTH available over TLS only, TLS available
Port 587: SMTP-AUTH over TLS required

We instruct all users to use port 587 and SMTP-AUTH, but I’m aware that people quite frequently use port 25 because Outlook encourages it. Outlook likewise discourages use of TLS due to hostname mismatches, which is why it is optional for the non-PCI compliant servers.

To complicate matters somewhat, not ALL of our InterWorx domains are using the new anti-spam appliance. It’s in testing, so even though there is no option in InterWorx for “Port 25: SMTP REQUIRED, Except for these IP’s allowed to relay” (which I need), I couldn’t use that solution yet.

Questions:

  1. Could there be options for Port 25 just like Port 587, where SMTP is required, with or without TLS?
  2. Can qmail support whitelisted IPs allowed to relay with no additional SMTP_AUTH or TLS requirements? The docs suggest it can be done, by adding rules to /etc/tcp.smtp, but I am really hesitant to go around the control panel on this one. I believe the “MTA SMTP Options (inbound)” section needs to support that IP list.

(Similar to this request, but not the same. I am trying to use the InterWorx SMTP for ONLY SMTP_AUTH except from a specific IP.)

Hi jimp

I would think, after quickly reading your post, you would need to add rules manually as you posted.

There is software which can go in front of your qmail which will give you what you want, but I cannot think of its name, sorry. However, I have posted how to install it and get it very quickly up and running, which works very well.

You may want to route all email outbound through your spam box, so it filters on outbound email.

When I have time I’ll look up my post and post the link here for you.

Many thanks

John

Hi jimp

Please see this post and it’s called spamdyke

I hope that helps

Many thanks

John

http://forums.interworx.com/showpost.php?p=25854
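
The question above mentions adding relay rules to /etc/tcp.smtp by hand. As an added example (not part of the thread and not InterWorx code), the following audits a tcprules-format file and reports every address that is handed `RELAYCLIENT`, which lets it relay without SMTP AUTH. The sample rules and all addresses, including 192.0.2.10 for the anti-spam appliance, are constructed placeholders; IPv4 rules with comma-free variable values are assumed.

```python
import re

# Constructed sample in tcprules source format: address:instruction,VAR="value"
# tcpserver uses the most specific matching address, so line order does not matter.
SAMPLE_TCP_SMTP = '''\
# local delivery agents
127.:allow,RELAYCLIENT=""
# anti-spam appliance (hypothetical address)
192.0.2.10:allow,RELAYCLIENT=""
# leftover test rule that nobody removed
198.51.100.:allow,RELAYCLIENT=""
203.0.113.7:deny
:allow
'''

RULE = re.compile(r'^(?P<addr>[^:]*):(?P<action>allow|deny)(?P<env>(,.*)?)$')

def parse_rules(text):
    """Yield (address, action, env_names) for each non-comment rule line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f'unparseable rule: {raw!r}')
        # Variable names only; assumes values contain no commas.
        names = set(re.findall(r',([A-Za-z_][A-Za-z0-9_]*)=', m['env']))
        yield m['addr'], m['action'], names

def relay_grants(text):
    """Addresses whose connections get RELAYCLIENT (relay without SMTP AUTH)."""
    return [addr for addr, action, env in parse_rules(text)
            if action == 'allow' and 'RELAYCLIENT' in env]

def audit(text, approved):
    """Return (finding, address) pairs for relay grants outside the approved set."""
    findings = []
    for addr in relay_grants(text):
        if addr == '':
            # Empty address is the catch-all rule: every client may relay.
            findings.append(('open-relay', addr))
        elif addr not in approved:
            findings.append(('unapproved', addr))
    return findings

if __name__ == '__main__':
    for finding, addr in audit(SAMPLE_TCP_SMTP, {'127.', '192.0.2.10'}):
        print(finding, addr or '(catch-all)')
```

Running such a check after every manual edit and after every control panel change shows whether the panel has rewritten the file or a stray rule has widened relaying.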