[Mimedefang] filter_relay, HELO checks, and minimal filter
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Fri Aug 15 01:36:02 EDT 2003
On Thu, 14 Aug 2003 mfaurot at atww.org wrote:
> > Are there particular IDs such as 'root' or 'postmaster' I need to
> > leave alone?
>
> postmaster needs to accept mail from "outside". root could be isolated
> for just internal use though.
Yup; additionally see RFC 2142
>
> > Third, currently I am accepting email on one server and forwarding it in
> > to a spam-filtering server on the inside, that then forwards to an
> > internal Exchange server. Originally I tried running mimedefang/SA
> > directly on the gateway mail server, but it quickly got hosed (a few
> > versions back, and it is an SGI). Now, in order to do these HELO checks
> > properly, I need to run it again on the gateway. My idea was to use a
> > very minimal filter with the SA lines commented out, in hopes that this
> > will reduce the load and the machine won't get hosed. Any comments on
> > this idea? The idea is some mail will get rejected at the gateway, and
> > the rest will get checked again and SA-checked on the filtering host.
>
> Why not just use a machine with enough horsepower to do a proper job of
> being the mail gateway? That could simplify things all the way around.
> Instead of having three machines, just a gateway and the internal
> Exchange server.
This is what I'd do, too.
BTW: Several Spam-checks may be inaccurate without proper
relay-information.
Bye,
--
Steffen Kaiser
More information about the MIMEDefang
mailing list