RE: SMTP Proxy and smtpd_recipient_restrictions/permit_mynetworks

From: Alan Munday (postfixbrightheadtechnology.com)
Date: Thu Mar 11 2004 - 15:09:14 CST


Points noted.

And as I am not comfortable disclosing the products or architecture, for
what I hope are obvious reasons, I'll thank people for their contributions
and close the discussion for the moment.

I'll be with the firewall manufacturers next week and will discuss their
proxy with them then.

I'll let people know any conclusions from this.

Alan

-----Original Message-----
From: owner-postfix-userspostfix.org
[mailto:owner-postfix-userspostfix.org] On Behalf Of Noel Jones
Sent: 11 March 2004 20:41
To: postfix-userspostfix.org
Subject: Re: SMTP Proxy and smtpd_recipient_restrictions/permit_mynetworks

Firewalls in general are a good thing. Proxies in general are not
needed with postfix and only add to the complexity of the mail plant
with little real benefit.

I can't comment on the specific firewall/proxy you have as you haven't
named it. If you're satisfied with its benefits and limitations, you
are certainly free to use it. Regardless of any benefits, I would consider
its inability to present the real client IP a severe limitation.

Unless the proxy offers a clear and compelling benefit, I would rather
have the simpler mail flow using only postfix.

I would consider a 33% reduction in spam rather modest. You can
probably achieve the same using a single RBL such as sbl.spamhaus.org
or list.dsbl.org, without overly taxing the postfix box.
Unless your postfix box is already overburdened, you are unlikely to
notice any difference in performance.

A proxy of this type is best suited to be used in front of a rather
simple mail server that cannot do these things itself in a secure and
reliable manner.

And I fail to understand how excluding the firewall IP from
mynetworks will cause you to not receive any mail.
If you can give some specifics about this and provide some log
entries, I'm sure I or others here can help you work it out.

--
Noel Jones
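
The mynetworks and RBL points discussed in this thread, shown as a main.cf fragment. This is an added example, not configuration posted by either participant; the addresses (internal clients on 192.0.2.0/24, firewall SMTP proxy at 192.0.2.1) are constructed assumptions.

```conf
# /etc/postfix/main.cf (fragment). All addresses are constructed examples.
# Assumed layout: internal clients on 192.0.2.0/24, firewall proxy at 192.0.2.1.
# A proxy that does not present the real client IP makes every inbound
# Internet connection appear to Postfix as coming from 192.0.2.1.

# Weak: the proxy address falls inside mynetworks, so permit_mynetworks
# matches every proxied Internet client and relaying is permitted for all.
#mynetworks = 127.0.0.0/8, 192.0.2.0/24

# Corrected: trust loopback and internal hosts, but exclude the proxy.
# Patterns are matched in order, so the "!" exclusion must come first.
mynetworks = 127.0.0.0/8, !192.0.2.1, 192.0.2.0/24

# permit_mynetworks lets trusted clients relay; reject_unauth_destination
# still accepts mail for local and relay domains from everyone else, so
# excluding the proxy from mynetworks does not stop inbound delivery.
# reject_rbl_client looks up the connecting address, so it is only
# meaningful when Postfix sees the real client IP rather than 192.0.2.1.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client sbl.spamhaus.org
```

Running `postconf -n` after a change shows the effective values of the non-default settings.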