I don't want to tell you what to do, but spamdyke is pretty much useless in that configuration. In order to be effective, spamdyke needs to be on the perimeter, connecting directly to the sending servers. You'll need to put spamdyke in front of the mailscanner nodes for it to be at all effective.

Have you thought of putting the mailscanner nodes behind spamdyke? That'd be fairly easy to do, but you'd need 2 qmail hosts to accomplish it, one with spamdyke in front, and another behind handling delivery. For that matter, you could put a postfix server (or whatever else you like, like exchange perhaps) behind the mailscanner nodes. That would be an effective, and I would guess fairly common configuration.


Personally, I would simply use QMailToaster and forget about the mailscanner nodes. ;)

--
-Eric 'shubes'

On 09/29/2014 03:59 AM, Faris Raouf wrote:
Can someone point me in the right direction please?

I’m setting up a couple of av/anti-spam mailscanner nodes. These nodes
will process email for two particular domains, then send the filtered
messages on to a more general purpose hosting/email system that’s
running spamdyke and deals with email for many other domains.

I want to stop this hosting system from accepting mail from any IPs
other than the mailscanner nodes, but just for these two particular domains.

I know how to create a domain-specific config file for spamdyke. What
I’m not terribly sure of is how to blacklist all and allow only the IPs
I want.

Can I do it by ip-blacklisting 1-254. and ip-whitelisting the IPs I want?

e.g, in the domain-specific config file:

#blacklist all

ip-blacklist-entry=1-254

And in my global spamdyke.conf I’d have the mailscanner nodes
whitelisted, so I don’t have to do it in lots of files if they ever
change IPs):

#whitelist IPs of mailscanners

ip-whitelist-entry=1.1.1.1

ip-whitelist-entry=2.2.2.2

Or does the 1-254 format only work when I’m using an ip blacklist FILE?

Any help/suggestions would be appreciated!

(background  - I don’t want to run clamd/Spamassassin on emails coming
in from the IPs of the mailscanner nodes, but have no way to switch
scanning off only for email that comes in via a particular IP. My only
option is, therefore, to switch off av/sa completely for the domains in
question on the hosting system, and then only allow email to come in for
them from the IPs of the mailscanners. The system running spamdyke also
hosts normal email for other domains, so I can’t firewall port 25 or
anything like that….)

Thanks,

Faris.



_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users




_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Reply via email to