Joshua Pruitt wrote:
>> The only way I can think of to do it would be to set up a separate IP
>> address for the domain in question.
>
> I figured.
>
>
>> Perhaps your solution isn't the best for the problem you're facing.
>> What's
>> the problem that this solution would solve? Some sort of security
>> issue I'm
>> guessing. Might a VPN be a way to handle your requirement?
>
> The situation is:
>
> One particular client, who, even in spite of anti-spam measures, for
> whatever reason, receives an unimaginably ridiculous amount of spam, has
> opted to use one of those third-party anti-spam relays. The way it works
> is, the MX for that domain is set to the SMTP servers of the third
> party, and then the messages are forwarded to my toaster, sans whatever
> percentage of spam.
>
> The issue is, even though the MXs are set to the third party's SMTP,
> many spammers still hit my toaster directly.
>
> Does that make sense?
>
> Hmm... Anyway, what it boils down to is, I just need to buckle down and
> bolster my own anti-spam measures.
>
> <tangent>
> Boy, email sucks. Sometimes, instead of trying to keep on bolting on new
> fixes, I think we need to scrap the entire system and build something
> new, from the ground up, designed for today's environment of misuse and
> distrust, rather than the environment of openness and community that the
> original email system was built for.
> </tangent>
>
> :) Thanks for the response.
>
> -Josh
>
I hear you. Many spammers keep the IP address, presumably so they don't have
to do DNS lookups. It's amazing how much spam keeps rolling in after you've
changed the MX for a domain.
Instead of a separate IP, how about a separate port? Can the anti-spam relay
use something other than 25? If so, you could set up a separate tcpserver
for smtp on whatever port and control traffic via the corresponding tcp.smtp
file (providing that you create a unique one for the new tcpserver). This
would be similar to what's set up for the 587 submission port.
Did you / your client consider TMDA? I've not been much of a fan of TMDA in
the past, but having worked with it a bit lately, I'm becoming more of a
convert. It's really not as intrusive as I was thinking, and can be
implemented nearly transparently with a little extra work. I particularly
like the fact that users can control their own configuration, although it
can be configured to be domain-wide if desired, or any combination.
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
