--
Quoth Brett Thorson on Thu, Feb 13, 2003 at 11:03:47 -0500
> I have configured exim to work with majordomo and mailman, and I think it is
> great.

Why both mailman and majordomo?

> The mail server would be outside the firewall, and be used for incoming e-mail
> from everyone, and relaying for employees outside our network (working from
> home, authenticated with TLS / OpenSSL).

Do make sure that your mail server is running IPchains -- or whatever
firewall software your OS likes -- otherwise you may have some nasty
surprises. I'd have some intrusion detection system there as well as
some monitoring tools -- write in C not in a Pathetic Excuse for
a Real Language.

As for mail authenticity there is something called AUTH that you should
look at. It's somewhere in the manual. Of course your users can use
ESMTP as well -- which is a good idea if they are coming from hostile
networks. A hostile network is anywhere you do not have root access on
the routers.

> We would have a spam filter program accepting mail on port 25. If the mail
> passes through the filter, then it gets sent into Exim for processing on an
> unadvertised SMTP port. Exim would restrict connections to this hidden port
> to the output of the SPAM filter (Same machine basically). It would also
> stop relaying.

No need to do that as you can run Spamassassin from Exim itself.

> I would also like to run a relay for home users. Using the SSMTP port, accept
> and verify users, and then allow that mail to be sent through anywhere.

See AUTH.

> Do I have the basics right? Or would I look at an option where everyone
> connects to port 25. Then if they don't start a secure connection
> TLS/Openssl with authentication I deny forwarding, and pass them to the spam
> filter. If they do open a secure connection and authenticate properly, I let
> them do whatever they want.

You want something that does: port 25 -> black list -> ACLs (-> AUTH)
spamassassin -> virus scanner -> system alias -> system filter ->
mailman mailing list -> user filter -> users delivery. At least that's
how I would use it.

> Advice, or even "Look at this document for clues" would be greatly
> appreciated. Thank you all so much for your support thus far. The user
> community here is great!

I've written a white paper on Exim a while back which may help:
http://gridlock.york.ac.uk/~yann/lsm.pdf

I'd read the whole of the manual as well. Trust me, it's worth spending
the time doing it.
--
yann@??? -=*=- www.kierun.org
PGP: 009D 7287 C4A7 FD4F 1680 06E4 F751 7006 9DE2 6318
IRC: nick kierun, server spod.uk.amiganet.org, channel #sanctus
NNGS: nick kierun, server nngs.cosmic.org, port 9696.
--
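
An added example, not part of the original message: a minimal Exim 4 configuration fragment for the single-port policy discussed in the thread, where anyone may deliver to local domains on port 25 but relaying is allowed only after STARTTLS plus AUTH. The certificate paths and the DNS blacklist name are placeholders, the authenticators section is assumed to be defined elsewhere in the same file, and checking authentication ahead of the blacklist is an assumption made so that home users on listed dynamic addresses can still relay.

```exim
# ---- main configuration section ----

# Domains this host accepts mail for ("@" is the local host name).
domainlist local_domains = @

# Offer STARTTLS to every client. Paths below are placeholders.
tls_advertise_hosts = *
tls_certificate = /path/to/exim.crt
tls_privatekey = /path/to/exim.key

# Advertise AUTH only once the session is encrypted, so passwords are
# never offered over a cleartext connection from a hostile network.
# Newer Exim releases name this variable $tls_in_cipher.
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

# Run the ACL below for every RCPT command.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Employees working from home: encrypted and authenticated sessions
  # may relay to any destination.
  accept  encrypted     = *
          authenticated = *

  # Everyone else is checked against a DNS blacklist first.
  # dnsbl.example.org is a constructed placeholder, not a real list.
  deny    message       = $sender_host_address is listed at $dnslist_domain
          dnslists      = dnsbl.example.org

  # Unauthenticated senders may only reach recipients in local domains.
  accept  domains       = +local_domains
          verify        = recipient

  # Anything left is an unauthenticated relay attempt.
  deny    message       = relay not permitted
```

Content scanning (SpamAssassin, virus scanner) and the alias, filter and mailing-list stages come later in the pipeline and are not shown here.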