Kristopher Austin wrote: > You state in your diagram that you plan to have the MSE box as the > secondary MX record. This would not be a good idea. From experience, > we have seen that spammers try the secondary MX first in hopes of > finding a server that is not protected by a spam scanner. This > obviously would not be what you want to happen.
Bingo. I have a similar setup in place (s/postfix/sendmail/) and I don't have my Exchange box listed as an MX at all. I also have port 25 to the Exchange box firewalled off at the router to avoid portscanning. I do allow remote users to send via the Exchange server, using SMTP AUTH, but I'd recommend using port 587 or port 2525 for this. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"