Re: [exim] Exim4 As Spam Filter but Authenticate external SM…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Ian Eiloart
Date:  
À: ocl discussins, exim-users
Sujet: Re: [exim] Exim4 As Spam Filter but Authenticate external SMTP todifferent instance


--On 7 April 2008 14:22:52 -0400 ocl discussins <ocldiscuss@???>
wrote:

> I hope this makes sense, so here it goes:
>
> I am running 2 instances of Exim: eximFilter listening on port 25 on 1
> server and eximMail listening on port 26 on a second server.


Why? Read RFC 4409 <http://www.apps.ietf.org/rfc/rfc4409.html> and 5068

It says that you should provide port 587 for these purposes, and some MUAs
now use port 587 in their default configurations. It's good that you
separate the servers, though. That means that - provided there are no MX
records pointing to eximMail, it won't be likely to have any spam aimed at
it.

That said, you could also offer port 25 eximMail, but external users will
often find it blocked, so 587 is the way to go. You might also offer ssl on
connect on port 465, for those with M$ clients.

> eximMail is
> configured such that the users, domains, and mailbox locations are stored
> in a mySQL database. eximFilter simply uses a hubbed_hosts file to pass
> everything through to eximMail. This is actually an oversimplification of
> what is being done, but will serve the purpose for this discussion.
>
> The problem is that external mail users (ie., users from home using mail
> clients) need to be able to send mail through eximFilter, but must first
> authenticate before sending.


No, you don't need to do the filtering if people are authenticated. It's a
good idea to scan for viruses, but authenticated users are very unlikely to
be spamming.

> I don't want to duplicate my user listing on
> eximFilter server, but am also thinking if I configure eximFilter to read
> the mySQL database on eximMail it won't pass messages through as it
> should.
>
>
> Does anyone have any suggestions on how I might handle this scenario?
>
> tia!




--
Ian Eiloart
IT Services, University of Sussex
x3148