Michael Maymann: [ Charset ISO-8859-1 unsupported, converting... ] > Hi Wietse, > > thanks for your kind reply...:-) ! > You're right... > > - We currently have a setup where all mail from R&D internal->external is > send to my mailrelay in a specific site, as our_isp_relay only allows us to > send from there to their mailrelay - no restrictions (this is not our > primary mail). > - Our_isp_relay has already blacklisted my mailrelay twice, caused by > reputation based filtering - no spamming occurred though (all known domains > at-least...), but the number of mails was rather high...
You need to rate-limit the clients. Use policyd or postfwd or something with similar capabilities. > - We are about to send monitoring alert through my mailrelay pretty soon, > and therefore I would like to avoid spam filtering if possible - but saw > domain-whitelisting as a solution to limit damages to a minimum if a host > goes hostile... Rate limit the clients, and you won't have to keep updating whitelists. If you have PC-class systems on the network, having anti-spam/virus on the mail server would be a good idea because some box will get infected. > - Our Printers are also on the R&D network and they need scan->email > functionality, so I still need to allow printers to send to anyone. You need to exclude the printers from the rate limit. Wietse > - 99.96% of mail going through my mailrelay goes to our own official > mailboxes, so my thinking was to route all this directly to our official > mailserver and get my mailrelay whitelisted there (so no spamfiltering is > done on mails from this IP)... > > Thanks in advance :-) ! > ~maymann