On 10/11/2018 01:35 AM, Matus UHLAR - fantomas wrote:
I for example run spamass-milter with -r 10 (rejects score over 10)
at one machine, and amavisd-milter with "spam_kill_level_maps =>
10", along with postscreen.
This way mail gets refused when listed in DNSBLs, while not when
DNSWL (but still when DNSBL score is higher than DNSWL) and also
when SA detects it's score is over 10.
On 11.10.18 09:03, Grant Taylor wrote:
But that's doing the RBL checks in SpamAssassin, not directly in the
MTA.
postscreen does the hecks as part of the MTA. both DNS and manual whitelists
are applicable.
...clients from internal networks run SA as content_filter
(post-queue) so they don't complain sending mail (SA scanning at MTA
level) taked too long.
That's why I tended to have different email hygiene configurations on
the MSA and MTA(s). Ideally the client submits to the MSA with
minimal checks, after all we know who the message originated from
based on authentication. The MSA will then smart host the message
through the MTA, which does more hygiene checking.
MSAs should run on ports 465 and 587, which are easy to configure
differently.
different configuration of port 25 (many clients use because of backward
compatibility) can be achieved by listening on different interface, e.g. by
redirecting internet traffic to different IP or port (on gateway or in the
local firewall)
I originally migrated to this configuration when I had clients on dial
up connections run into timeouts whens s l o w l y sending
attachments. So they can take as long as they need to (or not) to
send to the MSA, which can then quickly send to the MTA with
filtering.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
