Kristopher Austin wrote:
> You state in your diagram that you plan to have the MSE box as the
> secondary MX record. This would not be a good idea. From experience,
> we have seen that spammers try the secondary MX first in hopes of
> finding a server that is not protected by a spam scanner. This
> obviously would not be what you want to happen.
Bingo. I have a similar setup in place (s/postfix/sendmail/) and I don't have
my Exchange box listed as an MX at all. I also have port 25 to the Exchange
box firewalled off at the router to avoid portscanning.
I do allow remote users to send via the Exchange server, using SMTP AUTH, but
I'd recommend using port 587 or port 2525 for this.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
