RE: SMTP Proxy and smtpd_recipient_restrictions/permit_mynetworks
From: Alan Munday (postfix brightheadtechnology.com)
Date: Thu Mar 11 2004 - 14:13:41 CST
Noel
As the firewall administrator I would pause and consider for a very long
time before turning off the SMTP proxy service it offers. Indeed the
anti-spam features it operates reject about 33% of the spam I see presented.
If I were to remove the proxy address from mynetworks then I won't get any
mail. This has been proved several times in the past and in the changes I
tried yesterday.
The firewall may not be doing anything that Postfix can't do, but by doing
it, it takes a significant load from Postfix and Postfix never sees or has to
process this mail.
While the originating addresses for SMTP traffic are logged by the firewall
to the mail logs I would welcome information as to the benefit of not using
the firewall proxy.
Thanks for your comments.
Alan
-----Original Message-----
From: Noel Jones [mailto:njones megan.vbhcs.org]
Sent: 11 March 2004 18:39
To: Alan Munday
Subject: Re: SMTP Proxy and smtpd_recipient_restrictions/permit_mynetworks
While it is certainly possible the firewall/proxy has its own
anti-relaying settings, I would strongly encourage you to exclude that IP
from mynetworks. If nothing else, it will make your existing postfix
restrictions more effective and easier to apply to incoming mail.
If the firewall/proxy does not have the ability to present the real IP
to your postfix box, consider if you really need to use the proxy.
It's unlikely the proxy does anything you can't already do with
postfix. It's unlikely the proxy is any more secure than postfix.
Check with the vendor of the firewall about presenting the real IP.
Without that important information, your logs are virtually
untraceable, and you are unable to use any sort of IP-based tests.
Post any followups to the list please.
--
Noel Jones
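
Added example (not part of either message, and not Postfix code): a simplified Python model of the first-match walk through smtpd_recipient_restrictions, showing what changes when the proxy's address is or is not listed in mynetworks. The proxy IP, the domains, and the two-item restriction list are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
PROXY_IP = "192.0.2.10"            # address the firewall's SMTP proxy connects from
LOCAL_DOMAINS = {"example.org"}    # stands in for mydestination / relay_domains
RESTRICTIONS = ["permit_mynetworks", "reject_unauth_destination"]


def in_networks(client_ip, networks):
    """True when client_ip falls inside any CIDR block in networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)


def evaluate(client_ip, rcpt, mynetworks, restrictions=RESTRICTIONS):
    """Walk the restriction list left to right; the first decisive match wins.

    Returns (action, deciding_restriction). Only the two restrictions named
    above are modelled.
    """
    domain = rcpt.rsplit("@", 1)[1].lower()
    for r in restrictions:
        if r == "permit_mynetworks" and in_networks(client_ip, mynetworks):
            return ("PERMIT", r)
        if r == "reject_unauth_destination" and domain not in LOCAL_DOMAINS:
            return ("REJECT", r)
    return ("PERMIT", "end of list")  # nothing rejected, recipient accepted


def compare(rcpt):
    """Evaluate one recipient with the proxy trusted, then untrusted.

    Because the proxy hides the real client, every outside sender is seen
    with PROXY_IP as its client address.
    """
    trusted = evaluate(PROXY_IP, rcpt, ["127.0.0.0/8", PROXY_IP + "/32"])
    untrusted = evaluate(PROXY_IP, rcpt, ["127.0.0.0/8"])
    return trusted, untrusted


if __name__ == "__main__":
    for rcpt in ("user@example.org", "someone@elsewhere.example"):
        trusted, untrusted = compare(rcpt)
        print(f"{rcpt}: proxy in mynetworks -> {trusted}, excluded -> {untrusted}")
```

With the proxy listed in mynetworks, every recipient is permitted at the first restriction and the relay check is never reached; with it excluded, the relay check runs, but any IP-based test would still see only the proxy's address.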