On Mon, Nov 01, 2010 at 11:36:00AM +0200, Nicholas Sideris wrote:
> Hello,
>
> I am in a case, where I need to configure a postfix daemon for acting
> as an SMTP server, where some spam-filtering and some anti-virus would
> run in parallel in the box. This would be a help, for a local ISP, to
> control spam relayed outside from his own network and thus avoiding IPs
> to get blacklisted, etc. Now my problem. The users can use the SMTP server
> directly, thus if they select mysmtp.mynetwork.com everything is okay.
Don't silently redirect users' SMTP traffic.
Your options:
- Join the SpamHaus PBL as an ISP, and add your IPs to the PBL. Allow
users to request being exempted from the PBL.
- Block port 25 outbound, and allow users to request having the
filter removed. Operate a reliable relay that users may elect
to use. Don't block port 587.
- Deploy something similar to the Symantec 8600 (aka Turntide)
SMTP traffic shaping appliance, that can rate limit outgoing
spam without rerouting the SMTP connection (limitation:
it can't see through STARTTLS).
--
Viktor.
