> From: Matthew.van.Eerde ...
> We use this same setup.
>
> One SMTP server (A) that accepts only authenticated sessions
> and allows relay for those.
> Another SMTP server (B) that accepts any session but does not
> allow relay.
>
> The trick is to only have A listed as an MX record. B does
> *not* need to be listed as an MX record. Usually B is listed
> explicitly (by DNS name) in the off-campus-client's email
> client as the "Sending Mail Server" or "SMTP Server" - no
> need to advertise it in DNS, though a portscanner will still find it.

Er, duh... reverse A and B in the last paragraph. MX-record-advertise your public SMTP server that accepts incoming email. Don't advertise your authentication-only SMTP server and legitimate mail servers will never attempt to send mail through it.

Double-check that the authentication-only thing is working by using a relay-test service such as ordb.org. In fact, relay-test all your machines that listen on port 25 as a matter of habit.

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
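Added example, not part of the original message: a self-run version of the relay test recommended above, for checking your own port-25 listeners without an external service. The probe addresses, hostnames and function names are assumptions; only the SMTP envelope is sent, never a message body.

```python
import smtplib

# Constructed probe addresses on reserved example domains (assumptions, not from
# the original message). Neither domain is local to the server under test.
PROBE_FROM = "relay-probe@example.org"
PROBE_TO = "relay-probe@example.net"

def classify(stage, code):
    """Map the SMTP reply at a given envelope stage to a verdict."""
    if stage == "RCPT" and code in (250, 251):
        return "OPEN-RELAY"      # foreign recipient accepted without AUTH
    if 400 <= code < 500:
        return "inconclusive"    # temporary failure (e.g. greylisting): retest
    return "refused"             # e.g. 530 auth required, 550/554 relay denied

def relay_check(host, port=25, timeout=10):
    """Attempt an unauthenticated relay envelope; return (verdict, stage, code).

    Only MAIL FROM / RCPT TO are sent and the session is reset before DATA,
    so no message is ever queued on the server.
    """
    with smtplib.SMTP(host, port, local_hostname="probe.example.org",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail(PROBE_FROM)
        if code != 250:
            return classify("MAIL", code), "MAIL", code
        code, _ = smtp.rcpt(PROBE_TO)
        smtp.rset()
        return classify("RCPT", code), "RCPT", code

def audit(targets):
    """Check every (host, port) you operate; unreachable hosts are reported too."""
    results = {}
    for host, port in targets:
        try:
            results[(host, port)] = relay_check(host, port)
        except (OSError, smtplib.SMTPException) as exc:
            results[(host, port)] = ("error", type(exc).__name__, None)
    return results

if __name__ == "__main__":
    # Placeholder hostnames: replace with your own port-25 listeners.
    for target, result in audit([("mx.example.org", 25),
                                 ("smtp-auth.example.org", 25)]).items():
        print(target, result)
```

Both servers in the setup described above should come back "refused": the public MX at the RCPT stage, the authentication-only server typically already at MAIL.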

