[Mimedefang] Newb looking for advice on setting up a SA/MD gateway server

[Scot Desort]

We run a bunch of  Win32 mail servers on our network. These servers
already have spam and virus filtering for local email delivery.
However, when a mailbox has it's mail forwarded off-net, the mail is
not filtered. As such,  when a local users forwards their mailbox to
AOL, they then read their email in the AOL client, click the SPAM
button in the AOL client, and OUR IP address(es) get flagged by AOL.

Getting rid of the Win boxes is not an option. So, I want to force all
of my Win mail servers to gateway all of the OUTBOUND email to a SA
box that will filter it before it leaves my network. I will need to
have the filtering config ignore the IP addresses of all of my
internal boxes, and begin scanning at the next hop IP in the mail
header. I was originally thought about having some way to ONLY scan
forwarded mail (as opposed to mail originating on my network), but I
think that would not be worth the effort, and I might as well scan
everything.

>From reading as many FAQ's and sample configs as I could find, it
seems like SA with MD would be my best bet. It appears to give me the
flexibility I need, without being overly complicated.

Initially, the server would not handle inbound mail, but may be
expanded to included that as well.

Due to the way that the Win boxes handle forwarding, when a forwarded
message is detected as spam and sent back to the Win32 box from SA, I
can't really bounce it. I will need to either forward it to a mailbox
for my admins to review, or simple delete it.

Does it sound like the SA/MD combo meets the requirements above? If
so, is there an FAQ or some other document anyone knows about that
gives an example of this config?

TIA,

-- 
Scot