Hi,
we've one "collecting" smtp server (without SA), one antispam
server (SA and this server sends outgoing email1) and one email server
(cyrus imap server). We've about 3000 active email users - here is a
fast picture
http://www.ajetaci.cz/skola/epi/zumpa/rychle_zapojeni_firewall_antispam_email.png
About filtering email - when the scanned email has SPF, Domainkeys
or DKIM =="pass", I've some rules with SCORE "-10" or so, so the email
is trustworthy. Including ours. But - yahoo, google etc. are
freemails, abused for spamming - let the spamcop live :)
Cituji Matus UHLAR - fantomas <uh...@fantomas.sk>:
On 04.04.13 13:03, Josef Karliak wrote:
antispam server is in dmz, emails are sent to antispam server thru
postfix on firewall. The firewall is for incoming emails from local
network and from internet. Firewall send emails to antispam server.
This server serves as an outgoing server too. I email isn't
outgoing to the internet, this server send the email to another
server - email server:
(incoming SMTP server)->(DMZ antispam server+outgoing)->(DMZ email
server for our users)
LAN / \NET
Well I'm completely lost here, how many mail servers do you have?
How do messages come from the internet to your network and vice versa?
Do your servers communicate with your antispam server by spamd protocol or
via SMTP?
SA has defined an internal network, so emails from inside are trustworthy.
Defining network as trusted and/or internal in SA does NOT mean that mail
will not be marked as spam. Trusted network only means that hosts will be
trusted not to fake Received: headers, which is later used in decising
whether to scan blacklists for server IPs.
And I use DKIM for signing internal emails (firewall signs all
emails from local and dmz zone), so it is not possible to filter
email as a spam from a local or dmz zone.
the only way to avoid SA from scanning mail is not to pass the mail through
SA. If you pass the mail through SA, it will be scanned and possibly marked
as spam.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu,
zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and check. If you've problem with sending emails to me, start
using email origin methods mentioned above. Thank you.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
