Paul Tenfjord wrote: > I'm setting up a Spam&Virus mail firewall (forwarding only). > This is a MX only server, it has no pop3/imap, it's only purpose is > to clean mail and route it to the next server which then delivers it > to imap accounts. For this purpose I am considering Postfix, as I am > familiar with it.
I'll leave the implementation details to someone else, I've just got a general comment on this setup. Make sure that this mail firewall can reject mail to unknown users. Otherwise, it will be overwhelmed by having to scan way too many messages, have a mail queue full of undeliverable bounces, and be responsible for sending "Delivery Failure" spam to all of the forged senders. If the mail firewall can reject unknown users, it will not have to spend any time scanning those messages and since it rejects them up front, it doesn't have to send DSNs for them. On my system, this reduces the load on my mailserver by 75%. You may not see this dramatic a difference if you don't get lots of dictionary attacks, but you should still do it to prevent bouncing messages back to the people who have had their email addresses forged. -- Bowie
