On Sun, Sep 23, 2007 at 01:50:43PM -0400, Michael Scheidell wrote: [Please post to one list only. Since I'm not subscribed to spamasassin-users, I removed that list]
> Sometimes a large company will have a proxy server set up in the DMZ and > then send it to their internal mail server. > I understand that ideally, the proxy server would be replaces with a > SpamAssassin/MTA setup. What do you mean with "proxy"? A MTA running spamassassin, amavis, whatever can be a proxy, of course. > #1, SPF. SPF helo, SENDERID > The proxy will be adding a received header, and announcing 'HELO/EHLO' > using its own name, not the senders. You can never rely on EHLO/HELO. Even if it is not faked or misconfigured, it need not to be the original senders host. > #2, many blacklists that depend on the last received header (the proxy > will normally put on in) If your DMZ MTA gots blacklisted, you have other problems. > For Amavisd/others that use p0f, all we get is signature of the proxy. > Smtp ratelimiting, greyisting, even recipient verification break. You > can't drop the SMTP session when the sender sends you an email with a > bad address, the proxy has already accepted it. You can't use 4xx > errors in your policy server to do greylisting on policy blacklisting > because you are sending the 4xx error to the proxy. That is why you want to have filtering on your DMZ MTA, not on the internal MTA. > On amavis, if we use MY_NETS policy, and we put the proxy ip in the > 'localnets', it will spam the spam and virus contact address on every > email from the 'local network'. See above. > Any solutions other then take the proxy server out and replace it with > the SpamAssassin/MTA combo? I'm really unsure what a "proxy" is for you. Rainer ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/