On Thu, Apr 01, 2010 at 08:15:29PM -0600, Glenn English wrote:
> > So why must this be a Postfix-as-proxy, instead of a complete
> > Postfix-with-queue instance?
>
> Like I said, I'm not at all sure it does. But I'm told that there
> should be an SMTP reverse proxy running on the firewall to protect the
> full server from "delivery attempts to never-existed addresses (with a
> subclass for never-existed addresses that match the format(s) of your
> generated Message-IDs), attempts to use
> VRFY and EXPN, attempts to use RCPT that are aborted (likely indicate
> spam-supporting abusers doing external SAV), and so on".
Not everything you hear on the Internet is true, kind or wise.
This said, many folks operate perimeter Postfix servers with a full queue
(not reverse proxies) in the DMZ. There is nothing wrong with DMZ Postfix
servers, if your network architecture is more conducive to a deployment
of this type.
--
Viktor.
P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.
