On 14/02/11 10:33, Dave Evans wrote: > Add monitoring so that if you ever make that configuration error again, you'll > know sooner. Add something based on rate-limits so that if it happens again, > the system can autonomously take some sort of preventative action.
Actually, that's a good point. You should have a set of configuration-testing scripts hanging around, and preferably a dev server/VM so you can test changes on there first. I use swaks extensively to test for things that should or should not work -- specifically for your example I attempt to send a message to/from external users without authentication (which should fail), and with authentication (which *might* be allowed by your site policy -- do you restrict authenticated users to send only from the authentication address?) Using an eicar and a gtube file, you can test your spam & malware config for inbound and outbound messages easily. I have also configured some site-specific rules in spamassassin to allow me to submit a message with almost any precise known spam score (using perfect optimal Golomb ruler values, what fun), for threshold testing (yes, I have a site with a Junk folder, sorry) You can choose to run these tests regularly against your production service to assure that the configuration is still minimally valid, and every time you discover a fault/add a new feature, you should add at least one test for it *first* -jim -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
