On Tue, 9 Oct 2007, Skip wrote: | Unless I somehow had something configured improperly, the blacklists | were rejecting connection to the MTA before SMTP auth.
Hi, That's the problem - you don't want to do blacklist lookups for SMTP-AUTH submissions. FWIW we use Exim which has plenty flexibility to achieve this. I don't know the details for other MTAs. Alternatively, an MTA-independent solution is to separate your MX boxes from your submission boxes - the latter do no spam-filtering, but mandate SMTP-AUTH (and/or user-on-local-network IP). Ah - just seen Rob's said this better ;-)