Actually, McAfee WebShield SMTP has a pretty nice anti-relay feature. For
our small site (<250 users) it runs just fine on the same server as Imail.
The content filters are much easier to set up than Imail's, but may not be
as flexible. No SMTP Auth though.
Dan
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Len Conrad
Sent: Wednesday, August 23, 2000 9:54 AM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] AntiRelay
>We are running Trend Interscan and I want to know how to lock down our
Imail
>server to stop relaying. Interscan runs on port 25 and forwards all email
to
>port 10025 where IMail resides. The problem with using the 'accept.txt'
file
>is that you need to specifiy individual users who can relay, you cant just
>put @xyz.com or @abc.com. Is there anyway around this? At present I have a
>open relay :(
Let' see if I can't add a few "(" to that singular ":("
The pb I've heard with these av scanners front-ending to Internet is
that they have no anti-relay. They accept everything, so the RSS &
ORBS probes conclude the server is open relay. :((
afaics, closing the relay of Imail does nothing in this above situation.
:(((
The other pb with AVS + Imail on same machine is SMTP AUTH. You tell
your users to send their outgoing to Imail.domain.com but :25 is the
AV thingy, and he can't do SMTP AUTH since he doesn't know about your
users, only about domains. :((((
Of course, these av scannners are horribly CPU and disk expensive, so
if you're doing also-expensive Web messaging all on the same box,
you're stepping in it. :(((((
"Apart from that Mrs. Lincoln, how was the play?"
Whatever, to close relay in Imail:
1. at you border route, block spoofing of your internal ip's.
2. in Imail, "relay for addresses" and enter your adddresses
3. in Imail, NT hosts file, enter your default ip and imail host name.
4. in Imail, UNcheck Disable SMTP AUTH reporting
5. in your users' mail programs, activate SMTP AUTH
Get smart, Phil:
1. put the AV on its own box, with hostname avbox.ISPdomain.com
2. put Imail on its own box.
In DNS:
domain.com. MX 10 avbox.ISPdomain.com.
mail.domain.com. MX 10 avbox.ISPdomain.com.
smtp.domain.com. MX 20 smtp.domain.com.
pop.domain.com. A ip of Imail
smtp.domain.com. A ip of Imail
webmail.domain.com. A ip of imail
Tell you web surfer to pick up their mail here: http://webmail.domain.com
Tell your users of mail programs:
1. Turn on SMTP AUTH
2. send outgoing mail to: smtp.domain.com
3. read POP3 mail at: pop.domain.com
Len
http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
