New? behavior og rbl's
peter at farrows.org
Fri Sep 23 12:33:57 IST 2011
On 23/09/2011 11:50, Jonas wrote:
>> Which translated means:
>> - put your MTAs on dedicated IP/s and do not share with gateway.
>> - setup log watching/alerts
>> - If you're corporate/Exchange don't allow OWA without being VPN'd or at least
>> use a non standard port.
>> - block port 25 outbound for all behind the gateway which is not an MTA (your
>> MTA is on dedicated IP)
>> - use outbound rating to minimize possible blasts.
> All sound advice for enterprises, however the part about putting your MTA on a dedicated IP is just nonsense. Here in Denmark 90% of companies have less than 10 employees, so most just run on business adsl lines or similar smaller connections, where there is only 1 WAN ip.
> Who suddenly decided you need multiple WAN ip's to host a mail gateway?
> In my humble opinion its taking it way too far when you combine things that has nothing to do with mail with a mail blocking filter...
> Med venlig hilsen / Best regards
> Jonas Akrouh Larsen
> TechBiz ApS
> Laplandsgade 4, 2. sal
> 2300 København S
> Office: 7020 0979
> Direct: 3336 9974
> Mobile: 5120 1096
> Fax: 7020 0978
> Web: www.techbiz.dk
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
I Agree, if you have a machine on your network that sends spam for what
ever reason, your WAN IP address of your gateway will get targeted for
This is the way of the world.
The lesson from of all this: Make sure you keep you network clean and
tidy and secure and don't send spam.
Sending out on different IPs is nonsense.
One gateway and properly managed network is all you need for most small
companies, if you can't keep your network secure and free of spamming
worms and viruses, find someone who can.
Just my 10p worth,
and yes I am having a bad day... (but not with spam or blacklists)
More information about the MailScanner