Setting up a Gateway

Kip Turk nospam at WCC.NET
Fri Jun 28 15:31:35 IST 2002

On Fri, 28 Jun 2002, Dan Cooper wrote:

> I would be unable to follow Julians advice as layed out in the FAQ as our
> main mailserver  has to be available to the outside world.
> My plan was to just make the gateway machine a higher MX priority in the DNS
> for a particular domain, and then have sendmail place the mail in a mailbox
> on the gateway. Then a .forward file could go in the users home dir on the
> gateway machine, sending the mail to user at on the main
> mailserver.
> This, however, did not seem to work, as the messages were not scanned by the
> gatweway prior to them being forwarded to the main mailserver.
> Any ideas why mailscanner would not scan these messages? all relevant
> domains were in the file.

Are you sure it hit the gateway to be scanned?  One trick we've seen
spammers use lately is to grab the MX records, then send to the lowest
priority server.  Since we were running through an external filtering
server, this effectively circumvented the filters.  I solved the problem
by adding the filtering server as the lowest priority MX also.  This
left our main server available to the world in the event that the
filtering server wasn't available, but made it so that the spammers
couldn't trivially avoid our filters.

Kip Turk, RHCE                                       spamdies at
Systems Administrator/Killer of Spam/Writer of Code/Penguin Proponent
West Central Net - tel: 915.234.5678 / 800.695.9016 fax: 915.656.0071
-.-. --- -.. . / -- --- -. -.- . -.-- --..-- / .... .- -.-. -.- . .-.

More information about the MailScanner mailing list