-Original Message-
From: David B Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, September 24, 2007 12:07 AM
To: Michael Scheidell
Cc: [EMAIL PROTECTED]; Amavis-Users
Subject: RE: Q about mail proxy servers and setups
On Sun, 23 Sep 2007, Michael Scheidell wrote:
For the
Michael Scheidell writes,
(oh, turn off Cisco's smtp mail fixup was another thing I found when
dealing with odd ball setups)
For the archive (someone might find it useful), a link to Ralf's page:
http://arschkrebs.de/postfix/postfix_cisco_pix_bugs.shtml
Mark
On Sep 23, 2007, at 5:17 PM, Michael Scheidell wrote:
Anyone have an answer that isn't obvious?
I already said I can't put it on the proxy.
No, you didn't. You mentioned that as an option.
And stop being rude to people who answer the question you asked.
--
Jo Rhett
Net Consonance :
Sometimes a large company will have a proxy server set up in the DMZ and
then send it to their internal mail server.
I understand that ideally, the proxy server would be replaces with a
SpamAssassin/MTA setup.
However, sometimes, client, security and company policy needs outweigh
logic.
I can
On Sun, Sep 23, 2007 at 01:50:43PM -0400, Michael Scheidell wrote:
[Please post to one list only. Since I'm not subscribed to
spamasassin-users, I removed that list]
Sometimes a large company will have a proxy server set up in the DMZ and
then send it to their internal mail server.
I
Every problem you've named here is solved by putting Amavis/SA on the
proxy instead of the internal system.
If the proxy doesn't do the spam-checking, and the internal system does
I can name a dozen other problems that will occur, the most important of
which will be backscatter. 2-step relay
On Sun, Sep 23, 2007 at 01:50:43PM -0400, Michael Scheidell wrote:
Sometimes a large company will have a proxy server set up in the DMZ and
then send it to their internal mail server.
...
#1, SPF. SPF helo, SENDERID
The proxy will be adding a received header, and announcing 'HELO/EHLO'
Anyone have an answer that isn't obvious?
I already said I can't put it on the proxy.
--
Michael Scheidell, CTO
Office: 561-999-5000 x 1259
Direct: 561-939-7259
Real time security alerts: http://www.secnap.com/news
_
This
Thanks, I hadn't thought about the backscatter problem.
If there is a proxy involved, then they HAVE to set (in amavisd) all
final destinations as 'DISCARD' and not BOUNCE.
I also think I will try to look at adding it to trusted networks in SA,
but excluding it from the internal networks in
