Let's say that I have an Imail server protected by Postini or IMGate.
The Imail Server has a bunch of domains each one with its unique IP.
The Imail Server only accepts SMTP connections from the Postini or IMGate
host (or Local users).
But (here is the flaw of this design) the Imail server has an IP which it
uses to accept SMTP connections from anybody to relay email (using AUTH of
course for not local users)
The Postini hosts (I am not sure about IMGate) will need SMTP VRFY enabled
in the Imail server in order to provide a better protection against harvest
or dictionary attacks.
With IMGate or other on-site (vs remote) MX, the list of mailbox
accounts is exported to the MX so the MX can, by itself, not querying
SMTP or LDAP servers, accept/reject mail for legit users. Having the
MX query the backends passes the crap to the backends, rather than
stopping the crap at the MX.
Somebody can confirm, but it sounds like postini-type services and
barracuda type boxes don't keep local copies of the legit recipients.
Judging from the null senders of that humongous joe-job I posted here
last week, way too many MXs still accept mail for all recipients,
then generate non-delivery msgs for illegit recipients to the
envelope sender, thereby making joe-jobs possible.
Len
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
