Author: Mike Cardwell Date: To: exim-users Subject: Re: [exim] NATted exim on receive
Alun wrote:
> I'm looking at making a copy of exim run on our site firewall,
> intercepting all attempts (from outside) to contact port 25 for every
> internal host. There are several reasons for doing this. First off, we
> don't publish MX records for everything inside Aber, but some people
> manage to quote their addresses wrong (e.g. doing auj@???
> rather than auj@???). When they do this it results in mail
> getting stuck at the other end as the remote server tries repeatedly to
> talk to a closed port. Having a dummy exim sitting on port 25 for our
> entire network allows me to bounce these messages immediately.
> Secondly, doing this I can maintain a blacklist of portscanning
> machines and machines that are trying to use us as an open relay.
> Finally I can tarpit the same machines.
I might be missing the point, or several points, here, but why don't you
just set up a wildcard MX record for *.aber.ac.uk to point at your real
MX? I know that's not much use for the rest of your
tarpitting/portscanning stuff but it should solve your main problem, no?
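
An added illustration, not part of the original message: how a wildcard MX interacts with hosts that already have address records, using RFC 4592 wildcard matching and the RFC 5321 fallback from MX to the address record. The zone contents and all names under example.org are constructed stand-ins for the site's real zone.

```python
# Constructed zone data; example.org stands in for the site's real zone.
ZONE = {
    "example.org":         {"MX": ["10 mx.example.org"]},
    "mx.example.org":      {"A": ["192.0.2.25"]},
    "*.example.org":       {"MX": ["10 mx.example.org"]},   # the wildcard MX
    "desktop.example.org": {"A": ["192.0.2.77"]},           # internal host, no MX
}

def name_exists(name):
    """A name exists if it owns records or has descendants (empty non-terminal)."""
    return any(owner == name or owner.endswith("." + name) for owner in ZONE)

def lookup(name, rtype):
    """Return (records, source) for a query, applying RFC 4592 wildcard rules."""
    if name_exists(name):
        # An existing name is never covered by a wildcard, whatever types it holds.
        return ZONE.get(name, {}).get(rtype, []), "exact"
    labels = name.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if name_exists(encloser):
            # Only a wildcard directly below the closest encloser can match.
            wild = "*." + encloser
            if wild in ZONE:
                return ZONE[wild].get(rtype, []), "wildcard"
            return [], "nxdomain"
    return [], "nxdomain"

def mail_target(domain):
    """Where a sending MTA delivers: MX first, then the address record."""
    mx, source = lookup(domain, "MX")
    if mx:
        return ("mx", source, mx)
    addr, source = lookup(domain, "A")
    if addr:
        return ("implicit-A", source, addr)
    return ("undeliverable", source, [])

if __name__ == "__main__":
    for d in ("typo.example.org", "desktop.example.org", "a.desktop.example.org"):
        print(d, "->", mail_target(d))
```

Mail for a name with no records at all follows the wildcard to the real MX, while mail for a host that has an A record but no MX of its own is still sent to that host's port 25, so such hosts need an explicit MX record.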