Michael Scheidell wrote:
-----Original Message-----
From: David B Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, September 24, 2007 12:07 AM
To: Michael Scheidell
Cc: users@spamassassin.apache.org; Amavis-Users
Subject: RE: Q about mail proxy servers and setups
On Sun, 23 Sep 2007, Michael Scheidell wrote:
For the purposes of this discussion, the biggest reason I
can't be on
the edge where Id like to be is that there is a massive proxy/load
balancer/failover device that does more than email.
Many firewalls 'proxy' the email also, so its not like you
can take it
out.
Is there any chance you can talk them into running a
-transparent- SMTP proxy rather than a SMTP relay? It acts
more like an ISO layer 2 bridge (but specific to SMTP
traffic) so not to disturb the contents.
As you might suspect, one of the IT people at this company who has been
there 20 years wrote the thing.
I tried. That was my first suggestion. That would fix graylisting
(which I don't do),
not important. but see below.
fix SPF an SPF HELO, and SENDER ID,
if the proxy adds the righht Received headers (the same way postfix and
sendmail would do), there should be no problem if you configure
trusted_networks and internal_networks (thanks to matus for the reminder).
blacklisting,
tarpitting, etc.
MIGHT fix p0f, but don't know.
I am going to write up a whitepaper on why NOT to put an anti-spam/MTA
behind a proxy, cite all relevant, good suggestions and send it to them.
it really depends on whether you can add a box before the proxy to
implement blacklisting and other things. (but if the proxy needs the
client IP, some work is needed. so it's a budget question).
