RE: SMTP Service in private DMZ OK?

Matthew.van.Eerde_at_hbinc.com
Date: 02/03/04

  • Next message: Pierre Dufresne: "Tightening up security for quarantine script"
    To: rootmoose@telia.com
    Date: Tue, 3 Feb 2004 09:26:23 -0800 
    
    

    > know your setup. I use a dead simple spooling SMTP forwarder pair
    > on the firewall with virus checking and spamasassination of
    > the spooled mails inbetween, the real mailserver never sees the real
    connections
    > from the outside. It is thus configured to eat all and spit back what
    > it doesn't like. But all the stuff before the mailserver is of course
    > Unix, so I'm cheating here...

    I have the exact same setup. I used to just accept all inbound mail to the
    gateway, and forward it to the Exchange server. I then noticed that the
    Exchange server spent a lot of time and bandwidth generating the
    undeliverable replies, which more often than not did not go through because
    the original email had a falsified From: address (virus/spam.)

    When I moved to rejecting invalid email addresses during the SMTP
    conversation, the number of incoming and outgoing emails to the Exchange
    server dropped dramatically.

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Pierre Dufresne: "Tightening up security for quarantine script"