begin Friday 09 April 2004 16:56, Eric Dondelinger quote:
For this, the gate would have to know all users on the internal
network - this is totally impractical in this case, as the gate
here handles mail for a number of different institutions, each
with their own mailservers maintained by themselves with their
own mailboxes. The gate here is relay, and relay only.
Ooops :-(
Additional advantage: you avoid unwittingly "bounce-spamming" people
if some virus forges a From and sends to non-existent users on your
system.
That is an advantage for sure. We might think about adding AV
checks on the external MX (if mail obviously viral, then generate a
5xx message, for which the AV scan would have to be done while the
connection is still going - this on postfix),
On sendmail, you could use a milter to do this. But I'm sure that on
postfix it must be possible to do this as well, after all the SPF guys
must be addressing a similar problem.
[...]
To:User1.Name@linux.lu RELAY
To:User2.Name@linux.lu RELAY
...
To:linux.lu ERROR:"430 Mail to linux.lu delayed due to heavy joe-jobbing. Please try again later"
Looks interesting, but doable only if you know every single user
behind the gate.
Indeed, this takes some cooperation by the different "institutions"
that are handled by the gate.
[...]
Again, not doable here - the box where I want to change this bounce
message is already the second step *after* the external MX:
I see... Is there no possibility of implementing sth at the _real_
border machine?
Of course it all depends on how computer savvy and co-operating the
"institutions" are. If you can convince them to give you a list of
users (with updates, if they add/remove users) a semi-manual solution
might be possible.
external machine / sender -> MX in DMZ -> firewall w/ mail proxy
-> internal relay -> recipient mail server
Only the external MX in the DMZ could directly talk to the sender,
but it has no way of checking the existence of the end recipient.
So, it's still the bounce message I'd have to change AFAICS...
Greets & thanks for your input,
Eric
Alain
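
Added example, not part of the original thread: a sketch of the "semi-manual solution" discussed above, turning user lists supplied by each institution into access map entries of the form quoted in the message. The function name, the input layout and the sample addresses are assumptions made for illustration.

```python
import re

# Conservative local-part pattern (assumption): no whitespace, quotes or
# control characters, so a supplied address cannot inject a field or a line.
_LOCAL = re.compile(r"^[A-Za-z0-9._+-]+$")


def build_access_map(user_lists, error_text):
    """Return (lines, rejected) for an access map in the thread's format.

    user_lists: {domain: [addresses supplied by that institution]}
    error_text: reply for unlisted recipients; "{domain}" is filled in.
    """
    lines, rejected = [], []
    for domain in sorted(user_lists):
        dom = domain.lower()
        seen = set()
        for raw in user_lists[domain]:
            local, sep, addr_dom = raw.strip().rpartition("@")
            # An institution may only list recipients in its own domain.
            if not sep or addr_dom.lower() != dom or not _LOCAL.match(local):
                rejected.append((domain, raw))
                continue
            key = f"{local}@{dom}"
            # Assumption: addresses differing only in case are duplicates.
            if key.lower() in seen:
                continue
            seen.add(key.lower())
            lines.append(f"To:{key}\tRELAY")
        # Domain-wide fallback: anything not listed above gets the error.
        lines.append(f'To:{dom}\tERROR:"{error_text.format(domain=dom)}"')
    return lines, rejected


# Constructed sample input (not real users).
SAMPLE = {
    "linux.lu": [
        "User1.Name@linux.lu",
        "User2.Name@linux.lu ",
        "user1.name@LINUX.LU",      # duplicate in different case
        "someone@other.example",    # wrong domain: rejected
        "bad name@linux.lu",        # whitespace in local part: rejected
    ],
}
MESSAGE = ("430 Mail to {domain} delayed due to heavy joe-jobbing. "
           "Please try again later")

if __name__ == "__main__":
    out, bad = build_access_map(SAMPLE, MESSAGE)
    print("\n".join(out))
    for dom, raw in bad:
        print(f"# rejected entry from {dom}: {raw!r}")
```

Rejected entries are returned rather than silently dropped so that they can be sent back to the institution that supplied them.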