Glenn English:
>
> On Apr 1, 2010, at 5:36 PM, Wietse Venema wrote:
>
> > So why must this be a Postfix-as-proxy, instead of a complete
> > Postfix-with-queue instance?
>
> Like I said, I'm not at all sure it does. But I'm told that there
> should be an SMTP reverse proxy running on the firewall to protect
> the full server from "delivery attempts
> to never-existed addresses (with a subclass for never-existed addresses
> that match the format(s) of your generated Message-IDs), attempts to use
> VRFY and EXPN, attempts to use RCPT that are aborted (likely indicate
> spam-supporting abusers doing external SAV), and so on".
Postfix can take care of that just fine, including overload-adaptive
behavior. You can turn on chroot (use a *BSD machine to avoid chroot
jail bloat) for an additional safety net.
Wietse
> Just trying to decide whether I want to do it, and I think I've been
> convinced on this list that I don't.
>
> Thanks all...
>
> --
> Glenn English
> g...@slsware.com
>
>
>
>
>
