Michael Maymann:
[ Charset ISO-8859-1 unsupported, converting... ]
> Hi Wietse,
>
> thanks for your kind reply...:-) !
> You're right...
>
> - We currently have a setup where all mail from R&D internal->external is
> send to my mailrelay in a specific site, as our_isp_relay only allows us to
> send from there to their mailrelay - no restrictions (this is not our
> primary mail).
> - Our_isp_relay has already blacklisted my mailrelay twice, caused by
> reputation based filtering - no spamming occurred though (all known domains
> at-least...), but the number of mails was rather high...
You need to rate-limit the clients. Use policyd or postfwd or
something with similar capabilities.
> - We are about to send monitoring alert through my mailrelay pretty soon,
> and therefore I would like to avoid spam filtering if possible - but saw
> domain-whitelisting as a solution to limit damages to a minimum if a host
> goes hostile...
Rate limit the clients, and you won't have to keep updating whitelists.
If you have PC-class systems on the network, having anti-spam/virus on the
mail server would be a good idea because some box will get infected.
> - Our Printers are also on the R&D network and they need scan->email
> functionality, so I still need to allow printers to send to anyone.
You need to exclude the printers from the rate limit.
Wietse
> - 99.96% of mail going through my mailrelay goes to our own official
> mailboxes, so my thinking was to route all this directly to our official
> mailserver and get my mailrelay whitelisted there (so no spamfiltering is
> done on mails from this IP)...
>
> Thanks in advance :-) !
> ~maymann
