"Richard Shetron" <[EMAIL PROTECTED]> writes:
| 1) Converting back to sendmail,
What does sendmail do that qmail doesn't?
| 2) Is there anyway to have qmail check for certain text strings in either
| the headers and/or entire message and reject a message based on the header
| content, ie, alot of spam says things like From: some [EMAIL PROTECTED]
A wrapper around qmail-queue can check for anything you like, but
you'll have to code it. Or, if SMTP is all you care about, tweak
qmail-smtpd however you like.
The other approach is to arrange for qmail to send all smtp input on a
detour through a virtual domain that pipes every message through e.g.
awk. That's the approach the FAQ recommends---which I expect you've
already read---but it's less elegant than the qmail-queue wrapper, in my
opinion.
There are myriad anti-spam patches for qmail. Browse www.qmail.org
and pick the ones you like.
| 3) Can qmail be setup so we use a machine with sendmail as the spam
| filter and then have it pass the mail to qmail for deliver?
Obviously, but why bother.
| 4) Other suggestions?
|
| One of the complications we have is we're running a couple hundred or
| so virtual domains and some of the users are not local to our network,
| they connect via aol.com, earthlink.net, etc.
In other words, your real problem is that you have no idea which
network connections represent authentic users, so you can't prevent
spammers from using you as they will. You need to solve that problem
directly; no amount of content filtering will suffice to finesse it.
You must require that your remote users authenticate prior to
submitting any mail; that's elementary---users who want service need to
positively identify themselves first. There's various ways to do that,
see www.qmail.org for some.
The question arises, however, why those aol users don't just submit
their mail to aol's smtp server? Presumably an aol user, just like any
person on the internet, can submit a message to their local smtp server
(for which they are authenticated) with a "From:" line that has one of
your virtual domains in it (or indeed, any string they like). So why do
aol users need to use you as their injection point?
