On Fri, Jan 30, 2004 at 02:24:35PM +0200, Johann Spies said:
> --
> Given the following setup:
>
> MX 10 mailserver 1
> _______________ ____________/
> | Internet |---| spamscanner| MX 20
> --------------- ------------\
> mailserver 2
>
>
> The current setup is without "spamscanner" thus the MX record for the
> two mailservers is 10.
>
> I have to set up spamscanner in a very short time. It's sole function
> will be to reject mail that spamassassin identified as spam and pass
> the rest on to mailserver 1 and 2. I have decided to use Debian Sarge
> because of the availability of exim4 with exiscan-acl.
You DO realize that a LOT of spamware delivers directly to higher level
MX hosts right? So if you are doing something like:
MX 10 spamscanner
MX 20 mail1
MX 20 mail2
you will still get LOTS of spam to mail1 and 2 especially if you issue
tempfails on spamscanner - it will fall back to delivering to mail1 and
2.
What you will need to do is have mail1 and 2 NOT be accessable from the
internet., and either use internal DNS or no MX records for them.
