Indeed, I'd run port 25 and iptables it so that only the scanning
server can connect. Then force the users to use the standard port of
587 for outgoing smtp.
Erik
On 1/30/07, Eric Shubes <[EMAIL PROTECTED]> wrote:
Stephen Spicer wrote:
>
> Hello List,
>
> I have a small problem I though someone might have a solution for.
>
> I put an anti-spam server in front of our local qmail system and this is
> working pretty well, it has dropped the load on our qmail server
> drastically.
>
> The problem I'm having is spammers are sending email directly to our
> server bypassing the anti-spam server, I have tried a deny in
> /etc/tcpserver.d/tcp.smtp file but then we have problems with offsite
> customers connecting via smtp, I thought that smtp relay was supposed to
> get set if they have an authenticated account but apparently I'm not
> understanding fully how this is supposed to work.
Sounds to me like you need two tcprules (tcp.smtp) files, one for port 25
(allowing connections from your anti-spam server and deny everything else),
and a separate one for port 587 (submissions). In the present stock toaster,
the two qmail-smtp processes share the same tcp.smtp.cdb (tcprules) file. I
think you can simply configure a separate tcp.smtp.cdb (tcp.submit.cdb or
some other name) file, one for each port. Then change the appropriate run
file and qmailctl script accordingly.
Someone will undoubtedly correct me here if this isn't right, or there's a
better way.
EE, it might not be a bad idea to create a separate tcprules file for
submissions. I'm kinda surprised you didn't do this when you created the
submission port. :(
> Anyway I need Mr. Toaster to receive smtp connections from customers
> local and off subnet and only except email from our anti-spam system,
> other than that I want all smtp rejected. I thought about adding a deny
> for the spammers that are sending directly to the qmail system but there
> are really to many.
>
> Thanks for any help/ideas,
>
> Stephen
>
Do offsite
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
