Thanks Scott and Andrew for the responses. What I am doing is configuring a gateway server for an primary Imail server. The Primary will be doing all mailboxes, Declude Virus, Declude Hijack, Web mail, POP3 and so farth.
The gateway server will be doing all Junkmail filtering and receive and send all to the Internet. So, on the Gateway server, I want to use IPBYPASS then, listing the IPs on the main server. John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Colbeck, Andrew > Sent: Thursday, July 08, 2004 6:19 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [Declude.JunkMail] IPBYPASS and WHITELIST IP > > John, let's say that you have a Postfix gateway in front of your > IMail+Declude server. > > If you whitelist the gateway, then all mail from that server or passed > through that server will be whitelisted. That would be *bad*. You would > instead use IPBYPASS, so that all the IP based tests are not against your > gateway, but rather against the host that sent the message to your gateway. > > Now let's say that there is no server in front of your IMail+Declude server, > but you do have one customer whose mail is being redirected to you by their > old server. > > You would still want to IPBYPASS that server if all it ever sends is from > the one domain. If you WHITELIST it instead, then once again, you get all > the spam that comes from it or through it. > > If you try to WHITELIST and IPBYPASS, the IPBYPASS will win, and no IP based > tests will run against that host. Messages that passed through that host > will have IP based tests run on the hop before that host. Messages directly > from that host will have no IP based tests run against it. > > If you WHITELIST an internal server, then following the logic from the > previous example, you would then run IP based tests against your internal > workstations. If it's a private IP address space, probably none of the IP > tests would trigger (unless you test for Bogons). If it's not a private > space, or you NAT-hide what would be a public space, you would expect that > DUHL tests would trigger on all of the internal mail clients. This is why > my ancient global.cfg has a note in it to tell you to whitelist your own > client space or don't use the DUHL tests! > > Does that help? > > Andrew 8) > > -----Original Message----- > From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 08, 2004 4:11 PM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] IPBYPASS and WHITELIST IP > > > If you have a WHITELIST IP line for an IP address, does it make sense or is > it redundant to have a IPBYPASS line for that IP? > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
