> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Daniel Bentley > Sent: Friday, October 07, 2005 1:47 PM > To: amavis-user@lists.sourceforge.net > Subject: Re: [AMaViS-user] Amavisd-new vs appliance > > -However-, I'm not sure how other boxes do things, but > there's a flaw in > how this one's applied. Namely, you give the box an IP, and > change the > MX record for your domain/s to point to the spam box. That's > all fine > and dandy, -IF- the sending servers are honoring and sending > according > to that MX record in DNS. If they're sending to an FQDN or > straight IP,
That's not a flaw in barracuda. All you need to do is to use your firewall to block incoming port 25 to your other mail servers. Same thing with any appliance. Might even keep the other server as backup mx record, and just change firewall to enable it if the barracuda goes down. And, as for mail servers not following mx records. They only ones that do that are viruses and spammers. The rfc's are very clear. If mx record(s) use those. ONLY USE A record if no mx records exist. Having an A record that is NOT a mail server (maybe a web server only) actually cuts down on spam due to poorly programmed spam engines. > it'll go straight to the email server anyways. So it's not exactly a > complete solution, so long as your email server still has an IP and a > connection to the 'net... We can play the IP and DNS shuffle, but so > long as we have records in DNS for SPF identification, the > spammers will > be able to find out what machines in our domain are e-mail > servers and > we'll be right at Step 1 again, with mail circumventing the Barracuda > box completely. > > YMMV (Your Model May Vary) of course, just some hands-on I've gotten > with one of these Barracuda boxes so far... I still think a more > optimal setup would be one that's trully 'in-line' for the > mail server, > comparable to a traditional firewall. When looking at > getting this box, > my manager kept reassuring me that it was in-line. Riiiiight... At > least it -does- help lighten the load on the mail server. ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
