David F. Skoll said:

> 3) Even if you don't have MX or A records pointing to internal mail
> servers, you should firewall off port 25 on internal mail servers from
> the outside world. We've seen instances of the MyDoom virus bypassing
> the MIMEDefang machine by port-scanning for something listening on
> port 25.
>
> The basic guiding principle: Do not permit any path for Internet
> e-mail to bypass your MIMEDefang machine.

I would like to firewall off access to an internal mail server, but my clients from off campus use it to send mail...

This would work: Allow authenticated and local users to send mail through it but refuse all other mail through it. Configure it so external mailers will re-attempt delivery through external MX mailers...

If I generate a 451 code to external MTAs, they should try the secondary MX, correct?

--
Luke
Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
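The accept-or-defer policy proposed in the message above, run over connection records to show which sources tried to reach the internal server without going through the MIMEDefang machine. This is an added example, not part of the original post; the networks, gateway address, user name and log format are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumed site values for illustration; none come from the original thread.
LOCAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # campus address space
GATEWAY = ipaddress.ip_address("10.20.0.25")         # MIMEDefang machine

# Constructed connection records: "<client ip> <auth user, or - if none>"
SAMPLE_LOG = """\
10.20.0.25 -
10.20.14.3 -
203.0.113.7 alice
198.51.100.9 -
198.51.100.9 -
::ffff:198.51.100.44 -
"""

def smtp_policy(client_ip, auth_user):
    """Reply code the internal server would give this client (250 or 451)."""
    ip = ipaddress.ip_address(client_ip)
    # Unwrap IPv4-mapped IPv6 so the address is compared against the
    # IPv4 networks instead of silently failing every membership test.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    if ip == GATEWAY or auth_user != "-":
        return 250  # scanned mail from the gateway, or authenticated user
    if any(ip in net for net in LOCAL_NETS):
        return 250  # local (on-campus) client
    return 451      # unauthenticated external client: temporary failure

def bypass_attempts(log_text):
    """Count deferred connections per source address."""
    hits = Counter()
    for line in log_text.splitlines():
        client_ip, auth_user = line.split()
        if smtp_policy(client_ip, auth_user) == 451:
            hits[client_ip] += 1
    return dict(hits)

if __name__ == "__main__":
    for source, count in bypass_attempts(SAMPLE_LOG).items():
        print(f"{source}: {count} deferred connection(s)")
```
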

