Perhaps a little clean history is in order. We have 6 pretty decent Debian Linux machines handling inbound mail as mx servers. All MX records are set to the same preference so we load balance pretty well.
Each server does the prelim stuff, HELO checking, valid envelope, stuff like that, and there are some denies from these fatal things. We also do some dictionary attack stuff in Exim, but we also run iptables rules to kill the real DoS stuff.

Off to ClamAV to get accepted or dropped like a rock. Next we go into sender/recipient verification, which dumps a lot of crap as well. Then we go into DNSBL, which only tags headers. Then on to a few other ACLs and then off to SpamAssassin/Razor for scoring. Then it's finally sent on to the primary mail cluster, which is a cluster of Windows-based mail servers doing both secure and unsecure POP, SMTP, IMAP, and also Authenticated SMTP for outbound.

Outbound: Another 6 Exim servers, load balanced. Outbound mail is checked again with almost the same intensity as inbound mail before being sent out. No SpamAssassin on the outbound side.

We serve over 11,000 domains and somewhere in the order of 300k email accounts. We simply cannot drop mail unless it's obvious that there is a problem. We do not have the ability to stop mail from coming in to our network because it's from Korea or someplace. Many of our hosted customers are international. Not even for reverse DNS can we dump mail. Do you have any idea how many idiots are running in-house Exchange servers and have no clue what they are doing? So reverse DNS is not an option for dumping mail.

So all this crap finally hits the primary mail cluster, and there it is very well scored and marked up in the header with all kinds of tags. We even have custom ACLs for SpamAssassin to rate the score so people can filter on it. The filtering works fine but, and here is the main cluster Fu..., our mail servers don't look beyond the first "from" when they compare inbound mail against the user's white lists. So any false positives must be handled with a content filter rather than just the simple white list provided by the mail server software.

Yes, I know it's a problem with the mail systems, but there are no options with them right now. If I can just get rid of the damn first "From" header in the email or move it down, life would be a scotch on the rocks next to the pool. Want to know more?
