>Hmmmm :) We have been trying to get this one sorted for a month now. We are
>using Trend Interscan AV & Imail on the same machine. The only thing you
>can do is to set the allowable domains list. This has a limit of 1024 chars
>in the GUI, and 8024 via the INI file.
>
>I spoke to Trend support yesterday and the only way to make it secure, in a
>ISP situation ie. 1000s of domains, is to sandwich the AV between two
>SendMail daemons on a Unix server.
they haven't heard of IMGate!!
>We have invested a fair junk of money in this product and cannot afford to
>ditch it.
> This is one possible solution.
>Setup up a firewall
>Add two IMGate machines behind it,
put the IMGate machines outside of the firewall as "bastion mail
hosts" but inside the border router. This keeps all the incoming
abuse out of the firewall and the outgoing devliveries out of the
firewall. simplifies your firewall rules.
>and have them forward onto the AV/IMail server.
>Sit Trend AV on port 25 and IMail on 10025. Have the AV forward all messages
>to 127.0.0.1:10025
>Add a rule to the firewall so that only the IMGate machines can talk to the
>AV/IMail box on port 25
... and that the IMail/AV forwards the outbound to IMGate for
delivery. Point the IMGates' DNS settings to an upstream recursive DNS.
>This should work!
uh, "will" :)))
Len
http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
