[Mimedefang] filter_relay, HELO checks, and minimal filter

[Steffen Kaiser]

On Thu, 14 Aug 2003 mfaurot at atww.org wrote:

> > Are there particular IDs such as 'root' or 'postmaster' I need to
> > leave alone?
>
> postmaster needs to accept mail from "outside".  root could be isolated
> for just internal use though.

Yup; additionally see RFC 2142

>
> > Third, currently I am accepting email on one server and forwarding it in
> > to a spam-filtering server on the inside, that then forwards to an
> > internal Exchange server.  Originally I tried running mimedefang/SA
> > directly on the gateway mail server, but it quickly got hosed (a few
> > versions back, and it is an SGI).  Now, in order to do these HELO checks
> > properly, I need to run it again on the gateway.  My idea was to use a
> > very minimal filter with the SA lines commented out, in hopes that this
> > will reduce the load and the machine won't get hosed.   Any comments on
> > this idea?  The idea is some mail will get rejected at the gateway, and
> > the rest will get checked again and SA-checked on the filtering host.
>
> Why not just use a machine with enough horsepower to do a proper job of
> being the mail gateway?  That could simplify things all the way around.
> Instead of having three machines, just a gateway and the internal
> Exchange server.

This is what I'd do, too.
BTW: Several Spam-checks may be inaccurate without proper
relay-information.

Bye,

-- 
Steffen Kaiser