Michelle Konzack wrote:
| Maybe I can catch (on the LEAF-Router) the incoming connections to Port
| 25 and redirect them to a SMTP-Proxy which does dedicated RBL-Checks and
| then forwards the message to my courier-mta.
|
| Problem:  I do not know HOW to set up the redirection of the incoming
|           SMTP-connection and the setup of a SMTP-Proxy.
|
| Can you help me with this?  (I have not found documentation which
| describes this)

You can route mail via the proxy using MX records.  In this setup, the
proxy server(s) live at your published MX address(es), with routing
rules to send in-bound mail to your real mail server(s).

You can also use shorewall rules to route only particular connections
through your proxy, typically with a DNAT rule.  The details will depend
on exactly what you want to set up... see the shorewall documentation for
examples.

|> I find a combination of various RBL lists and some standard non-spammer
|> tweaks (ie: drop early talkers, virus filtering, etc) keeps the inbound
|> mail load under control enough I can run everything through the fairly
|> CPU intensive spamassassin.  We only get about 8-10K legit e-mails/day,
|> however (many times that in spam), so YMMV.
|
| Since it is not only an incoming SMTP-Server but courier-imap too and
| then private filtering rules I really like to put the whole spamfiltering
| on a dedicated machine...  I have a bunch of P2 with 366 to 550 MHz and
| 384/512 MB of memory lying around in mass (my very old Servers) maybe
| they can do the stuff as dedicated machines...

Dedicating a machine (or more) for spam filtering is a very common setup
that can scale well.  If you want to use more than one machine for spam
filtering, it's easiest if you just have the MX records point to your
spam filters.  That way you can have multiple machines sharing the
filtering load in a round-robin arrangement.  You can't easily
round-robin the destination of a shorewall DNAT entry.

NOTE:  If you have a limited number of public IPs, you can use DNAT to
split your public services to multiple machines.  So if, for example,
all your DNS entries for SMTP, IMAP, etc. point to the same IP, you can
use DNAT to redirect some of those services to a different machine(s).

--
Charles Steinkuehler
[EMAIL PROTECTED]
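
The DNAT approach from the reply above, written out as an added example that is not part of the original message: a shorewall rules fragment that sends inbound SMTP to a dedicated filter and splits services on one public IP across machines. The zone names (net, dmz, loc), all addresses, and the choice of port 993 for IMAP are assumptions made for illustration.

```conf
# /etc/shorewall/rules  (added example; zone names and addresses are assumptions)
# Zones assumed:  net = Internet, dmz = spam-filter segment, loc = LAN
# Hosts assumed:  192.168.2.10 = SMTP proxy / spam filter
#                 192.168.1.20 = courier-mta and courier-imap
# Public IP assumed: 203.0.113.10 (documentation range, constructed)
#
#ACTION  SOURCE            DEST              PROTO  DEST PORT  SOURCE PORT  ORIGINAL DEST

# Inbound SMTP is handed to the filter, never directly to the mail server
DNAT     net               dmz:192.168.2.10  tcp    25         -            203.0.113.10

# IMAP over TLS on the same public IP goes to the courier host instead
DNAT     net               loc:192.168.1.20  tcp    993        -            203.0.113.10

# Only the filter may deliver mail onward to the real MTA
ACCEPT   dmz:192.168.2.10  loc:192.168.1.20  tcp    25
```

The last rule only restricts anything if the policy file does not already allow dmz-to-loc or net-to-loc traffic, so check that those policies are DROP or REJECT. As the reply notes, a DNAT entry like this targets a single filter host, so sharing load across several filters is better done with MX records.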

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/