RE: SMTP Service in private DMZ OK?

• Previous message: Houston, Scott: "RE: Controlling Admin Access"
• Maybe in reply to: Matthew.van.Eerde_at_hbinc.com: "RE: SMTP Service in private DMZ OK?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: rootmoose@telia.com
Date: Tue, 3 Feb 2004 09:26:23 -0800 

> know your setup. I use a dead simple spooling SMTP forwarder pair
> on the firewall with virus checking and spamasassination of
> the spooled mails inbetween, the real mailserver never sees the real
connections
> from the outside. It is thus configured to eat all and spit back what
> it doesn't like. But all the stuff before the mailserver is of course
> Unix, so I'm cheating here...

I have the exact same setup. I used to just accept all inbound mail to the
gateway, and forward it to the Exchange server. I then noticed that the
Exchange server spent a lot of time and bandwidth generating the
undeliverable replies, which more often than not did not go through because
the original email had a falsified From: address (virus/spam.)

When I moved to rejecting invalid email addresses during the SMTP
conversation, the number of incoming and outgoing emails to the Exchange
server dropped dramatically.

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Houston, Scott: "RE: Controlling Admin Access"
• Maybe in reply to: Matthew.van.Eerde_at_hbinc.com: "RE: SMTP Service in private DMZ OK?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]