> told me one thing set my firewall to only allow smtp
> connections from postini which I can't because she
> didn't pay for the entire office to have postini.

First, you need to address your MX records, which are currently:

20 alt1.aspmx.l.google.com. [TTL=14400] IP=74.125.113.27 (No Glue) [TTL=293] [US]
21 mail.itc-llc.com. [TTL=14400] IP=72.18.136.14 [TTL=14400] [US]
20 alt2.aspmx.l.google.com. [TTL=14400] IP=209.85.227.27 (No Glue) [TTL=293] [US]
...

Including your mail server directly in the MX records defeats the point of
using a filtering service such as Postini.  The spammers will be looking for
a non-known-filtering hostname and will connect directly to that server and
bypass the filtering entirely (probably why having Postini hasn't helped you
much).

Use caution here though.  You mentioned you're only paying for filtering on
the one mailbox, so you will need to determine if Postini will still forward
inbound mail for other mailboxes or if they will reject it.  If they will
forward for other mailboxes without filtering, keep going below.  If they
will reject mail for any mailbox which they're not filtering for, then your
boss will need to pony up and pay for filtering on all mailboxes or find a
different filtering solution.  I'll assume for the moment that Postini will
forward for mailboxes they're not filtering for (BIG assumption, verify that
before you go any further).

Assuming Postini will accept and forward mail even for mailboxes you're not
filtering, you should remove your mail server from the MX records and ONLY
publish the Postini servers.  If your MX records are routing mail through
Postini, then that is the only place that should be connecting to your mail
server.  They would still be the ones forwarding that mail to your server,
hence you can block any other SMTP connections at the firewall and give your
mail server a rest.

Now, for outgoing SMTP for your users, you would then need to reconfigure
their computers/devices to use an alternate port to connect to the server
(since you just firewalled port 25).  I'd suggest port 587 with SMTP
authentication enabled (submission port) which is supported by most e-mail
servers for private mail relay (for outgoing messages).

Right now you still have your mail server published in the MX records, so
spam can come directly to it regardless of the other MX records you have
published and the gates are wide open.


-Justin Scott
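
An added example, not part of the original message: a check for the two controls described above, flagging any MX host outside the filtering service and deciding whether an inbound port 25 connection comes from the filter's relays. The records, the `filter.example` domain and the 198.51.100.0/24 relay range are constructed placeholders; substitute the values your filtering provider publishes.

```python
import ipaddress

# Constructed sample lookup output (placeholder names, documentation IP ranges).
SAMPLE_MX = """\
10 mx1.filter.example. [TTL=14400]
20 mx2.filter.example. [TTL=14400]
[US]
30 mail.corp.example. [TTL=14400] IP=192.0.2.14
40 mx.notfilter.example.
"""
FILTER_SUFFIXES = ["filter.example"]    # assumption: provider's MX domain
FILTER_NETWORKS = ["198.51.100.0/24"]   # assumption: provider's relay range


def parse_mx(text):
    """Return sorted [(preference, hostname)] from 'pref host. ...' lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        # Skip wrapped fragments such as "[US]" or "..." that carry no record.
        if len(parts) < 2 or not parts[0].isdigit():
            continue
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)


def bypass_hosts(records, filter_suffixes):
    """MX hosts that are not under the filtering service's domains.

    Matching is on whole DNS labels, so 'mx.notfilter.example' does not
    pass as a host under 'filter.example'.
    """
    return [
        host for _, host in records
        if not any(host == s or host.endswith("." + s) for s in filter_suffixes)
    ]


def smtp_allowed(src_ip, filter_networks):
    """Inbound port 25 policy: accept only the filter's relay addresses."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(n) for n in filter_networks)


if __name__ == "__main__":
    for host in bypass_hosts(parse_mx(SAMPLE_MX), FILTER_SUFFIXES):
        print("MX bypasses the filter:", host)
    for ip in ("198.51.100.7", "203.0.113.9"):
        print(ip, "allow" if smtp_allowed(ip, FILTER_NETWORKS) else "drop")
```

Any host the first check reports is a published route around the filter, and the firewall rule only helps once those records are gone.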



Archive: 
http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:324312