Re: [AMaViS-user] Marc: use SPF to prevent backscatter? Was RE: Q about mail proxy servers and setups

2007-09-24 Thread Jo Rhett
Marc, you shouldn't be bouncing e-mails back at all. Use D_REJECT and make sure you're doing it at the SMTP layer. SPF or DKIM is irrelevant in this situation. On Sep 23, 2007, at 5:31 PM, Michael Scheidell wrote: One thing I would like to see (and this is a different subject: Marc: take n

Re: Q about mail proxy servers and setups

2007-09-24 Thread Mark Martinec
Michael, > I tried. That was my first suggestion. That would fix graylisting > (which I don't do), fix SPF an SPF HELO, and SENDER ID, blacklisting, > tarpitting, etc. SPF, sid, blacklisting etc. work just fine on an internal host as long as the proxy is preserving the information about the cli

Re: Q about mail proxy servers and setups

2007-09-24 Thread mouss
Michael Scheidell wrote: -Original Message- From: David B Funk [mailto:[EMAIL PROTECTED] Sent: Monday, September 24, 2007 12:07 AM To: Michael Scheidell Cc: users@spamassassin.apache.org; Amavis-Users Subject: RE: Q about mail proxy servers and setups On Sun, 23 Sep 2007, Michael

RE: Q about mail proxy servers and setups

2007-09-24 Thread Michael Scheidell
> -Original Message- > From: David B Funk [mailto:[EMAIL PROTECTED] > Sent: Monday, September 24, 2007 12:07 AM > To: Michael Scheidell > Cc: users@spamassassin.apache.org; Amavis-Users > Subject: RE: Q about mail proxy servers and setups > > > On Sun, 23

Re: Q about mail proxy servers and setups

2007-09-24 Thread Matus UHLAR - fantomas
> Michael Scheidell wrote: > > Sometimes a large company will have a proxy server set up in the DMZ and > > then send it to their internal mail server. I understand that ideally, > > the proxy server would be replaces with a SpamAssassin/MTA setup. > > > > However, sometimes, client, security and c

RE: Q about mail proxy servers and setups

2007-09-23 Thread David B Funk
On Sun, 23 Sep 2007, Michael Scheidell wrote: > For the purposes of this discussion, the biggest reason I can't be on > the edge where Id like to be is that there is a massive proxy/load > balancer/failover device that does more than email. > > Many firewalls 'proxy' the email also, so its not lik

RE: Q about mail proxy servers and setups

2007-09-23 Thread Michael Scheidell
Thanks, I hadn't thought about the backscatter problem. If there is a proxy involved, then they HAVE to set (in amavisd) all final destinations as 'DISCARD' and not BOUNCE. I also think I will try to look at adding it to trusted networks in SA, but excluding it from the internal networks in amav

Re: Q about mail proxy servers and setups

2007-09-23 Thread mouss
Michael Scheidell wrote: > Sometimes a large company will have a proxy server set up in the DMZ and > then send it to their internal mail server. > I understand that ideally, the proxy server would be replaces with a > SpamAssassin/MTA setup. > > However, sometimes, client, security and company pol