Peter Smith wrote:
> Here's my situation:
>
> server1: mail gateway, runs Spamassassin
> server2: multi-purpose server. hosts http, mail boxes, pop/imap, runs
> sendmail and Spamassassin.
> example.org: my domain. The MX record points to server1, A record
> points to server2
>
> The problem with this setup of course, is that spammers tend to send
> directly to server2, bypassing server1 (the mail scanner/filter).
>
> My original idea was to either configure server2 to reject mail not
> arriving directly from server1 (either via iptables or sendmail.cf).
> The problem is that I have a dozen or so users who use SMTP AUTH to
> relay mail out through server2. Sometimes this mail will be relayed
> to 3rd party domains, other times it will be sent to fellow users on
> example.org.
>
> My thoughts at the moment are to write some Spamassassin rules for
> server2 which will penalize mail which doesn't arrive from server2
> (or localhost) and wasn't sent by an authenticated user. Does this
> sound like a good way to proceed? Perhaps I'm missing a simpler way
> to do things?

There is no reason to get SA involved with this. That would probably be the least efficient way to do it. The best idea is to set server2 to accept authenticated mail from anywhere, but only accept non-authenticated mail from server1. If server1 can be set to authenticate itself, you can simplify even further and just disallow all non-authenticated mail on server2.

--
Bowie
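
Added example, not part of the original thread and not the posters' own configuration: one way to enforce the policy in the reply on server2, using the iptables route mentioned in the question. It assumes the SMTP AUTH users can be moved to the submission port (587) with authentication required there, and uses a placeholder address for server1.

```shell
#!/bin/sh
# Firewall half of the policy on server2 (added example).
# Assumptions, not from the thread: authenticated users submit on port 587,
# where sendmail.mc carries
#   DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
# (M=a makes AUTH mandatory on that listener), so port 25 only has to
# serve server1 and local processes.

SERVER1_IP="${SERVER1_IP:-192.0.2.10}"   # placeholder (TEST-NET-1); set to server1

# Print the iptables commands for the policy; nothing is applied here.
smtp_policy_rules() {
    gw="$1"
    # Refuse empty input and anything other than digits and single dots.
    case "$gw" in
        ""|*[!0-9.]*|.*|*.|*..*)
            echo "bad server1 address: $gw" >&2
            return 1 ;;
    esac
    cat <<EOF
iptables -A INPUT -i lo -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -s $gw --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
EOF
}

# Dry run by default: the rules are only printed for review.
# With APPLY=1 (as root) each printed command is executed instead.
apply_smtp_policy() {
    smtp_policy_rules "$SERVER1_IP" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            $rule
        else
            echo "$rule"
        fi
    done
}

apply_smtp_policy
```

Rule order matters: the two ACCEPT rules for port 25 must precede the REJECT, otherwise server1 and local delivery are cut off as well.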