At 11:30 15/06/03 +0200, Tony Earnshaw wrote:

>Ah. Does this make any difference to putting your MTA in a proxy-forwarding DMZ? Don't know what provision
>Sendmail has for defeating dictionary attacks and suchlike, but both Postfix 2.0 and Exim 4.20 can completely
>defeat them, so using Fetchmail isn't necessary. Also, both can be configured to refuse mail for non-existent
>user accounts. Which I don't believe Sendmail can.

Huh? Of course Sendmail can refuse mail for non-existent user accounts. :)

This happens automatically for the "primary" domain name the server is configured with, but if you're doing multiple virtual domains using the virtusertable file then you need a wildcard entry per domain that looks like: error:nouser User unknown

Which makes sure all addresses at that domain that don't have explicit virtusertable entries are rejected, rather than trying to fall through to local accounts of the same name....

The Fetchmail alternative wouldn't work for large orgs, or those which demand instant e-mail.

Fetchmail just isn't a good route to follow anyway. The problem with "mail bagging" a whole domain using one POP account is that for many kinds of mail it's impossible for fetchmail to know who the recipient was, so at the least you end up with that mail going to the postmaster, who then has to manually forward it to the right person (if they can figure out who that is), or if you're unlucky and you have fetchmail configured wrong, it can end up resending the mail and causing a mail loop with mailing lists etc., much like the POP3 connector for MS Exchange does :/
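Added example, not part of the original message: a small Python audit of a virtusertable that reports, per virtual domain, whether unlisted addresses are rejected by a catch-all `error:` entry or fall through as the message describes. It assumes the standard Sendmail catch-all key form `@domain`; the domains, account names and the function name `audit_virtusertable` are constructed for illustration.

```python
# Constructed sample virtusertable; all domains and accounts are placeholders.
SAMPLE = """\
# domain with a catch-all reject, as recommended in the message above
info@example.com        alice
sales@example.com       bob
@example.com            error:nouser User unknown

# domain without a catch-all: unlisted names fall through to local accounts
webmaster@example.net   carol

# catch-all that delivers everything to one mailbox instead of rejecting
@example.org            dave
"""


def audit_virtusertable(text):
    """Map each virtual domain to 'rejects', 'catch-all-delivers' or 'falls-through'."""
    status = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # key, then the rest of the line as value
        if len(parts) != 2:
            continue                         # malformed entry, ignore
        key, value = parts
        local, at, domain = key.rpartition("@")
        if not at:
            continue                         # key without a domain is not a virtual-domain entry
        domain = domain.lower()
        # Any entry for a domain makes it a virtual domain; default is the risky state.
        status.setdefault(domain, "falls-through")
        if local == "":                      # "@domain" is the per-domain wildcard key
            if value.lower().startswith("error:"):
                status[domain] = "rejects"
            else:
                status[domain] = "catch-all-delivers"
    return status


if __name__ == "__main__":
    for domain, state in sorted(audit_virtusertable(SAMPLE).items()):
        print(f"{domain:15} {state}")
```
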


