> If you use this machine for both incoming and outgoing mail *AND* you
> have any remote users then you'll likely start rejecting mail from those
> remote users.

Our remote users VPN into the environment, to send/receive directly through our internal servers. But you make a good point for others who might consider doing something like this.

> Also, you'll want to escape the @ in your tests to avoid any unexpected
> results.

> you should probably make your relay test look like "$RelayAddr =~
> /^10\.0\.0/" as well (to anchor it to the beginning of the line) just to
> make sure it doesn't match on some funky relay address (although it
> shouldn't).

Both of these are good ideas. :)

> you may also want to put in some SPF tests in your filter and setup SPF
> records for your domains (if possible). That may make it a little
> easier to administrate in the future.

We currently use SPF records in the external DNS world. For our own domains, the mail servers have their own DMZ-centric "view" of DNS, that includes internal NAT references and such, that are in a state of flux right now as we migrate servers from an old firewall/DMZ to the new. When everything stabilizes in that regard, I'll square away an appropriate SPF record for the DMZ version of our zones.

> other than that, i don't see anything jumping out at me.

Thanks for the excellent feedback, Alan.

Ken

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
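The two regex fixes suggested in the quoted feedback (escaping the `@` and anchoring the relay test), shown as an added example that is not part of the original message or of the poster's filter. The sub names, the `example.com` domain and the sample addresses are assumptions made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Unanchored, and every "." matches any character.
sub relay_internal_loose    { return $_[0] =~ /10.0.0/    ? 1 : 0 }
# Anchored to the start of the address, dots escaped (as suggested above).
sub relay_internal_anchored { return $_[0] =~ /^10\.0\.0/ ? 1 : 0 }

# Unescaped "@": with strict and warnings off, Perl interpolates the
# empty array @example, so the pattern silently becomes /\.com>?$/.
sub sender_ours_unescaped {
    no strict 'vars';
    no warnings;
    return $_[0] =~ /@example\.com>?$/i ? 1 : 0;
}
# Escaped "@": the literal "@example.com" is required.
sub sender_ours_escaped { return $_[0] =~ /\@example\.com>?$/i ? 1 : 0 }

# Constructed sample data: [ relay address, envelope sender ].
my @samples = (
    [ '10.0.0.25',  '<alice@example.com>'     ],  # internal relay, own domain
    [ '210.0.0.7',  '<bob@example.com>'       ],  # external relay containing "10.0.0"
    [ '192.0.2.10', '<carol@not-example.com>' ],  # foreign domain ending in ".com"
);

printf "%-11s %-24s %5s %8s %9s %7s\n",
    'relay', 'sender', 'loose', 'anchored', 'unescaped', 'escaped';

for my $s (@samples) {
    my ($relay, $sender) = @$s;
    printf "%-11s %-24s %5d %8d %9d %7d\n",
        $relay, $sender,
        relay_internal_loose($relay),
        relay_internal_anchored($relay),
        sender_ours_unescaped($sender),
        sender_ours_escaped($sender);
}
```

With `use strict` in effect the unescaped pattern fails to compile, so the silent mismatch only appears in filters that run without it.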