Date: Fri, 3 Dec 2004 09:42:23 +1100
From: Craig Sanders
To: Sean Finn
Cc: aussie-isp
Message-Id: <20041202224223.GA29050@taz.net.au>
In-Reply-To: <20041202073611.C52AC421975D@taz.net.au>
References: <20041202065418.GM22136@taz.net.au> <20041202073611.C52AC421975D@taz.net.au>
Subject: Re: [Oz-ISP] Virus / Mail scanning cluster gateway TRANSPARENT! server

On Thu, Dec 02, 2004 at 05:29:19PM +1000, Sean Finn wrote:
> What I'm really trying to do by having a config option saying 'Any email
> received through this ip, after filtering, pass onto this other IP' is that
> I can raise it above the domain level.
>
> Mucking around with single domains is too messy, apart from the initial
> config of their DNS. I'm trying to make this box literally be an optional
> plug-in that sits in front of an already established mail server, regardless
> of what is / isn't setup on the existing mail server, and ignoring whatever
> technology it uses.

what you are talking about is an open relay.

if you ever build something this brain-damaged, please let me know the IP
address so i can submit it to various RBLs and save the day or two that it
would take for it to get blacklisted anyway.


> I.e. do it at a network level rather than a domain level, so that no
> intervention on the box is required. (Ultra low maintenance, and if it
> breaks, replace it with a standby or just take it out of the cluster).
> I'm really trying to create an appliance I can roll-out here.

it's not hard to configure a mail server to accept mail for a particular domain
or set of domains, and it's not particularly difficult to automate
configuration so that all you have to do is either 1. edit a single text file
and run "make" or 2. just insert configuration details into an SQL database
(with a web front end even if you don't like command line stuff).  

it's an insignificant amount of work and time compared to the rest of the work
you'll have to do to get it running.  and it's a completely negligible amount
of work compared to all the cleaning up and reconfiguring you'll have to do if
you build an open relay.

if you build an open relay, spammers WILL find it.  probably in less than a
day.  and you'll be blacklisted a few hours after that.  this is inevitable.


> The main questions here are:
>
> 1) For mail not identified as Virii or Spam, which server bounces it?
> Answer: the OTHER mail server does, IF it gets through.

not necessarily.  the other server may just reject it, and leave it up to your
box to deliver the bounce.  that's one of the reasons why it is important to
have a list of valid relay recipients.


> 2) How does this server know if it's a valid recipient email address
> or not? Possible Answer: probe the real mail server with a test email
> and read the status. (And create a cache table).

either probe the final destination server (problematic if the final destination
is offline frequently - respond with 4xx temporary failure code) or maintain a
relay recipient table.  or use LDAP or some SQL db for recipient info.  


> Any thoughts on this approach or input?

open relays are bad.  don't do it.

craig

--
craig sanders <c a s @ t a z . n e t . a u           (part time cyborg)
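
Added example, not part of the original post and not code from either poster: a sketch of the RCPT-time decision a filtering gateway makes when it relays only for listed domains and validates recipients against a relay recipient table or a cached probe of the final destination, answering 4xx when that destination is unreachable. The domains, addresses, TTL and the probe callable are constructed assumptions, and the gateway is assumed to handle inbound mail only.

```python
import time

# Constructed sample data (not from the original post): domains this gateway
# relays for, each mapped to its final destination server.
RELAY_DOMAINS = {"example.com": "10.0.0.25", "example.net": "10.0.0.26"}
# Relay recipient table, e.g. exported from the backend, LDAP or an SQL db.
RELAY_RECIPIENTS = {"alice@example.com", "postmaster@example.com"}
CACHE_TTL = 3600  # seconds a probe result stays valid (assumed value)


def rcpt_decision(rcpt, probe=None, cache=None, now=None):
    """Return (smtp_code, text) for one RCPT TO address.

    probe(backend, rcpt) is a hypothetical callable: True/False for a
    valid/invalid recipient, OSError if the backend cannot be reached.
    cache is a dict kept by the caller between calls.
    """
    now = time.time() if now is None else now
    cache = {} if cache is None else cache
    rcpt = rcpt.strip().strip("<>").lower()
    local, sep, domain = rcpt.rpartition("@")
    if not sep or not local or not domain:
        return 501, "bad recipient address syntax"
    backend = RELAY_DOMAINS.get(domain)
    if backend is None:
        # Not one of our domains: refusing here is what prevents an open relay.
        return 554, "relay access denied"
    if probe is None:
        # Static relay recipient table.
        if rcpt in RELAY_RECIPIENTS:
            return 250, "ok"
        return 550, "user unknown"
    hit = cache.get(rcpt)
    if hit and now - hit[1] < CACHE_TTL:
        valid = hit[0]
    else:
        try:
            valid = bool(probe(backend, rcpt))
        except OSError:
            # Backend offline: temporary failure, so the sender retries later.
            return 450, "recipient verification temporarily unavailable"
        cache[rcpt] = (valid, now)
    return (250, "ok") if valid else (550, "user unknown")
```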
