On Mon, Jun 05, 2006 at 12:33:23PM +0530, Siju George wrote:
> Hi,
>
> One of my OpenBSD servers is the Gateway/Firewall to internet.
> Our mail server(s) is on the Internet.
>
> What would be the best method to scan all mail traffic through the firewall?
> Currently I am using plain NAT.
>
> It would be great if people can recommend which is the best software
> from packages/ports if I have to install any.
>
I successfully use spamd in grey listing mode, with postfix, and that's
all. Works great.

Use extensive postfix dns checks and that kills all non-mailing list
spam:

smtpd_recipient_restrictions =
        reject_non_fqdn_hostname
        reject_invalid_hostname
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_client
        reject_unknown_hostname
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        permit_mynetworks
        reject_unauth_destination
        check_recipient_access pcre:$config_directory/recipient_checks.pcre
        check_client_access btree:$config_directory/client_checks.map
        check_sender_access btree:$config_directory/sender_checks.map
        check_client_access pcre:$config_directory/client_checks.pcre
        check_helo_access btree:$config_directory/helo_checks.map
        check_helo_access pcre:$config_directory/helo_checks.pcre

smtp_skip_5xx_greeting = no
smtp_skip_4xx_greeting = no
smtpd_helo_required = yes
smtpd_recipient_limit = 50
smtpd_recipient_overshoot_limit = 5
smtpd_reject_unlisted_sender = yes
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 6
biff = no
delay_warning_time = 1d
message_size_limit = 5242880
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
strict_rfc821_envelopes = yes
strict_mime_encoding_domain = yes
strict_8bitmime = yes
default_database_type = btree
header_size_limit = 5120
body_checks = pcre:$config_directory/body_checks.pcre
header_checks = pcre:$config_directory/header_checks.pcre
allow_percent_hack = no

This lot is pretty heavy to the point that it does reject more legit
mail than most people would tolerate, but hey, tough.

The postfix docs and mailing list are really good.

-- 
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
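
Added example, not part of the original post: Postfix evaluates smtpd_recipient_restrictions in order and stops at the first restriction that returns a decision, so the positions of permit_mynetworks and reject_unauth_destination matter. This Python script parses a main.cf excerpt (constructed from the list above, plus a constructed misordered variant) and reports ordering findings; parse_main_cf and audit are hypothetical helper names, and it assumes relay control lives in smtpd_recipient_restrictions as in the post.

```python
import re

# Constructed inputs: POSTED_CF keeps the order used in the post (shortened);
# MISORDERED_CF is a made-up variant with an access table before relay control.
POSTED_CF = """\
smtpd_recipient_restrictions =
        reject_non_fqdn_sender
        reject_unknown_client
        permit_mynetworks
        reject_unauth_destination
        check_client_access btree:$config_directory/client_checks.map
smtpd_helo_required = yes
"""
MISORDERED_CF = """\
smtpd_recipient_restrictions = permit_mynetworks,
        check_client_access btree:$config_directory/client_checks.map,
        reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {name: value}; lines starting with whitespace continue a value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def audit(text):
    """List ordering findings for smtpd_recipient_restrictions."""
    value = parse_main_cf(text).get("smtpd_recipient_restrictions", "")
    rules = []
    for tok in re.split(r"[,\s]+", value.strip()):
        if rules and rules[-1].startswith("check_") and " " not in rules[-1]:
            rules[-1] += " " + tok  # lookup table argument stays with its check
        elif tok:
            rules.append(tok)
    if "reject_unauth_destination" not in rules:
        return ["reject_unauth_destination missing from this list"]
    relay = rules.index("reject_unauth_destination")
    findings = [f"{r}: an OK result permits before relay control is reached"
                for r in rules[:relay] if r.startswith("check_")]
    if "permit_mynetworks" in rules:
        trusted = rules.index("permit_mynetworks")
        findings += [f"{r}: also applies to clients in mynetworks"
                     for r in rules[:trusted] if r.startswith("reject_")]
    return findings
```

On the posted order the only findings are the reject_* checks that sit ahead of permit_mynetworks, which means hosts on the local network are held to the same DNS checks as outside senders.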

