> DNS records > pop.company.com MX 10, A > mail.company.com A > ok if sending mail to [EMAIL PROTECTED] mail routes correctly to the > Appliance and all is fine and dandy.
. . . because you also have another MX record, the one for company.com, pointing to the appliance. You have actually shown this record. > Its when you send a message to [EMAIL PROTECTED] that a problem > occurs. it bypasses the mailfoundry device and sends the message > directly to the user without scanning it. Of course. If you only have the above DNS A record for mail.company.com, you have no MX record telling it to go anywhere else. In the absence of an MX and in the presence of an A record, SMTP will use the A record. It's not going to "walk up the tree" and decide to use the MX record for the parent domain. This is a common misconception. > So am i making this too hard? or am I officially stuck or what? You're actually leaving out the real problem, which is that you have a machine exposed to the 'net which is listening on port 25 and accepts unauthenticated submissions on that port straight into your mailbox server. Even if you _did_ have an MX for mail.company.com that told well-behaved senders to go through the appliance, rather than straight to the mailbox server, spammers and their spambots aren't very good listeners! > I want to make sure that my remote users have the ability to send > and receive mail from their mail clients while preventing spam being > sent directly to the mail server (mail.company.com) What am i > missing. You need to listen on a non-traditional port (both for obscurity and accessibility from dial-up providers) that only accepts authenticated submissions -- in other words, even messages for local delivery must be from authenticated senders. The well-known TCP port for this is 587. IMail's latest versions (8.2x) support this config, so if you have the budget, this will be the easiest way to fix your problem. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
