Postfix / MailScanner question - per domain relaying

Martin Hepworth maxsec at
Wed Oct 11 05:35:54 UTC 2017

Do this at the firewall level so only the relays ip-addresses addresses are
allowed port 25 inbound

On Tue, 10 Oct 2017 at 23:09, David Jones via MailScanner <
mailscanner at> wrote:

> On 10/10/2017 03:34 PM, Quintin S. Giesbrecht wrote:
> > Thank you very much, that all makes sense.  Just a question that was
> raised now though...we're using MailWatch, and of course, the client IP is
> always our external relay's IP, so by using internal_networks and
> trusted_networks in spamassassin.conf, the RBL checks should then be done
> against the next IP address in the headers?  Do you know if MailWatch
> should then report the client IP as the actual sending server, and not our
> relay then?  Because that would be cool.
> >
> Nope.  Sorry.  The client IP will be the actual IP talking to the
> MailScanner server.  Why don't you change the networking to combine the
> mail services onto your MailScanner box.  MailScanner is going to work
> best when it's directly on the Internet edge.  If you can't combine them
> from a networking perspective then perhaps you need to setup MailScanner
> on the other edge mail server and "federate" them to share MailScanner
> and SpamAssassin configs using rsync to push configs from the "master."
> --
> David Jones
> --
> MailScanner mailing list
> mailscanner at
> --
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list