On 1/26/2023 1:44 AM, Matus UHLAR - fantomas wrote:
On 25.01.23 10:24, Matus UHLAR - fantomas wrote:
I forgot to mention I use amavisd-new because of these reasons.
To be more precise, when receiving mail from the internet on port 25, I
prefer amavisd-milter talking to amavisd so we can reject mail
immediately, while clients from port 465/587 talk to amavisd-new using
LMTP and amavisd-new injects mail back via LMTP on alternative port.
In some networks, even port 25 from LAN goes via LMTP to amavisd-new,
and port 25 from the world is redirected onto other port with
postscreen and milter.
I think it's best to wean users off the 20+ year deprecated idea of using
port 25 for submitting mail.
I should also add that if you want to avoid scanning of outgoing e-mail
with spamass-milter, you can simply use its options "-I" that ignores
all authenticated e-mail and "-i" that takes a list of networks from
which mail is not scanned.
Also, I think it's a bad idea to give submitted mail a free pass. Very
often this is what gets you listed on CBL / XBL, when MS Outlook malware
is using valid credentials to spew.
But filtering needs differ for submission and MX mail. DNSBL checks on
submission are useless. But URIBL content scanning is very effective.
--
http://rob0.nodns4.us/