Perhaps a little clean history is in order.
We have 6 pretty decent Debian Linux machines handling inbound mail as mx
servers. All MX records are set to the same preference so we load balance
pretty well.
Each server does the prelim stuff, HELO checking, valid envelope, stuff like
that and there are some deny's from these fatal things.
We also do some dictionary attack stuff in Exim but we also run IPtable
rules to kill the real DOS stuff.
Off to ClamAv to get accepted or dropped like a rock
Next we go into sender/recipient verification which dumps a lot of crap as
well.
Then we go into DNSBL which only tags headers.
Then on to a few other ACL's and then off to Spamassassin/Razor for scoring
Then it's finally sent on to the primary mail cluster which is a cluster of
Windows based mail servers doing both secure and unsecure POP, SMTP, IMAP,
and also Authenticated SMTP for outbound.
Outbound: Another 6 Exim servers load balanced
Outbound mail checked again almost with the same intensity as inbound mail
before sent out. No spamassassin on the outbound side.
We serve over 11,000 domains and somewhere in the order of 300k email
accounts. We simply cannot drop mail unless it's obvious that there is a
problem. We do not have the ability to stop mail from coming in to our
network because its from Korea or someplace. Many of our hosted customers
are international. Not even for reverse DNS can we dump mail. Do you have
any idea how many idiots are running in house exchange servers and have no
clue what they are doing so reverse dns is not an option for dumping mail.
So all this crap finally hits the primary mail cluster and there it is very
well scored and marked up in the header with all kinds of tags. We even have
custom ACL's for spamassassin to rate the score so people can filter on it.
The filtering works fine but, and here is the main cluster Fu..., our mail
servers don't look beyond the first "from" when they compare inbound mail
against the user's white lists. So any false positives must be handled with
a content filter rather than just the simple white list provided by the mail
server software.
Yes, I know it's a problem with the mail systems but there is no options
with them right now. If I can just get rid of the damn first "From" header
in the email or move it down life would be a scotch on the rocks next to the
pool.
Want to know more?
--
View this message in context:
http://www.nabble.com/Changing-Email-Identity-tf2425071.html#a6765574
Sent from the Exim Users mailing list archive at Nabble.com.