better blocking at MTA level (off-topic)

Dhawal Doshy dhawal at netmagicsolutions.com
Sat May 26 12:07:25 IST 2007


Koopmann, Jan-Peter wrote:
> On Saturday, May 26, 2007 12:14 PM Dhawal Doshy wrote: 
> 
>> Run 2 instances of your MTA on different IPs.. one for incoming and
>> the other for outgoing.. the incoming can be strictly configured with
>> the above and you can be less strict on the outgoing as long as there
>> is smtp-auth
> 
> How would that help? Their clients do not use SMTP AUTH but rather send
> usual mail. From e.g. ships via satellite without SMTP proxies. Or
> managing directors sending important mail from dynamic IPs etc. If I
> tell our client to not accept that mail and teach his/her customers to
> finally set up a correct mail service they will fire me right away since
> they need those mails and it is not really considered good style to
> "educate" your customer...

Maybe I didn't explain it well enough.

When your users connect on the outgoing SMTP server, their MUAs are 
talking to your servers so you have to relax your rules..

For incoming mails (your MX record), MTAs are talking to you (not MUAs) 
so you ought to expect someone sensible running them and you can afford 
to reject on certain criteria.

Based on the above assumption, you can for instance use zen.spamhaus.org 
on the incoming MTA (MX) without worrying; you do not want it on the 
outgoing MTA since your senders *will* mostly be sending from DSL-like 
connections.
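
The split described in this message, sketched as a per-listener policy check. This is an added example, not part of the original post and not any MTA's own code; the listener names `mx` and `submission`, the function names and the resolver data are assumptions made for illustration, and the sample addresses are constructed.

```python
import ipaddress

ZONE = "zen.spamhaus.org"  # the DNSBL named in the post
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
ERROR_CODES = ipaddress.ip_network("127.255.255.0/24")  # DNSBL error answers, not listings

def dnsbl_query_name(client_ip, zone=ZONE):
    """Build the lookup name: reversed octets (IPv4) or reversed nibbles (IPv6) + zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))
    else:
        labels = reversed(ip.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def is_listed(answers):
    """True only for real listing codes; 127.255.255.x means the query itself failed."""
    for answer in answers:
        addr = ipaddress.ip_address(answer)
        if addr in LOOPBACK and addr not in ERROR_CODES:
            return True
    return False

def decide(listener, client_ip, authenticated, resolve):
    """listener is 'mx' (incoming) or 'submission' (outgoing).
    resolve(name) returns the list of A records, empty when the name does not exist."""
    if listener == "submission":
        # MUAs connect from dynamic/DSL ranges: skip the DNSBL, SMTP AUTH is the gate.
        return "accept" if authenticated else "reject: authentication required"
    # MX listener: peers are expected to be MTAs, so a DNSBL hit is grounds to reject.
    if is_listed(resolve(dnsbl_query_name(client_ip))):
        return "reject: client listed in " + ZONE
    return "accept"

# Constructed resolver data standing in for live DNS so the example runs offline.
SAMPLE_ANSWERS = {
    "10.113.0.203.zen.spamhaus.org": ["127.0.0.11"],        # constructed: dynamic-range listing
    "25.100.51.198.zen.spamhaus.org": ["127.255.255.254"],  # constructed: error answer
}

def sample_resolve(name):
    return SAMPLE_ANSWERS.get(name, [])  # empty list = NXDOMAIN = not listed

if __name__ == "__main__":
    for listener, ip, auth in [("mx", "203.0.113.10", False),
                               ("submission", "203.0.113.10", True),
                               ("mx", "198.51.100.25", False)]:
        print(listener, ip, auth, "->", decide(listener, ip, auth, sample_resolve))
```

The same dynamic address is refused on the MX listener and accepted on the submission listener once authenticated, and an error answer from the DNSBL is not treated as a listing.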
