Il 14/09/2023 03:21, Steven Levine ha scritto:

In <list-7891460@2rosenthals.com>, on 09/13/23
    at 08:46 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi,

i don't want to buy a certificate SSL

There's always Let's Encrypt.  The only downside is the expire relatively
quickly so you need to refresh the script more often than a purchased
script.

i use LE on apache, but a cert. that expire each 3 months don't put thunderbird or other mail clients (outlook, smartphones etc.) out of work?
i mean the user don't receive new mails and have to do something to accept the new cert.?

should i use IJ fw to port fwd the 587 to something like 33333 :) do i
will allways reach 587 port from the inside LAN here?

I'm not sure I understand how you envision your setup or the full scope of
your problem.  The user's are going to submit via 587.  Are you saying you
want to port forward to 33333 internaally have have Weasel list to 33333.
That can work, but what's the downside of passing port 587 through to the
server running the weasel instance?

Steven

no, i don't want to expose port 587 to the world
i want to use another "strange" port like 33333, 44444, 55555 etc.

in about 20 years that i manage servers over the internet i've learned that moving ports
reduce the possibilities of hackers' attacks