A simple solution if you have an extra machine... install qmail on a
new box... put it into your DMZ to collect mail. You then set a
simple smtproute to forward all mail to your inner mail server's IP.
qmail is secure, bug-free and the programs are efficient but it needs
updating.
There are no user accounts/passwords on the DMZ mail gateway and no mail
stored (sensitive data) on the DMZ mail gateway machine.
It simply accepts all email for your domain, and simply forwards it
through the DMZ pinhole to your internal mail server. If you want you
could also have it handle antivirus, spam and rblsmtpd listing.
The prime recipe for an outscatter host.
You will have to patch qmail to get any form of recipient address
checking to reject at the SMTP level.
Queue management can become a nightmare. With your proposal, if some
spammer stuffs the queue with a load of spam (send spam to qmail box,
set sender address to spam victim and voila! almost filter proof
spamming) you have to stop the queue manager to do any deletes.
qmail is the best choice for an outgoing mail queue in its current
state. Or a second-stage MTA if you want to make use of its great
dot-qmail delivery behaviour. But as an MX, it won't cut it with today's
Internet.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
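
To check whether a qmail gateway is already sending the bounces-to-forged-senders described in the reply above, one can count queue entries with a null envelope sender that are delivered outside one's own domains. This is an added example, not part of the original thread: the log excerpt is constructed and assumes the stock qmail-send line format, and `backscatter_targets` and all domain names are hypothetical.

```python
import re

# Constructed qmail-send log excerpt (stock line format assumed; all addresses,
# IPs and message numbers are made up). Real logs carry a timestamp prefix.
SAMPLE_LOG = """\
new msg 1001
info msg 1001: bytes 2210 from <forged@victim.example> qp 4101 uid 71
starting delivery 1: msg 1001 to remote nosuchuser@ourdomain.example
delivery 1: failure: 192.0.2.10_does_not_like_recipient./Remote_host_said:_550_no_such_user/
bounce msg 1001 qp 4105
end msg 1001
new msg 1002
info msg 1002: bytes 2790 from <> qp 4105 uid 77
starting delivery 2: msg 1002 to remote forged@victim.example
delivery 2: success: 198.51.100.7_accepted_message./
end msg 1002
new msg 1003
info msg 1003: bytes 900 from <alice@partner.example> qp 4110 uid 71
starting delivery 3: msg 1003 to remote bob@ourdomain.example
delivery 3: success: 192.0.2.10_accepted_message./
end msg 1003
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)>")
START = re.compile(r"starting delivery \d+: msg (\d+) to remote (\S+)")
END = re.compile(r"end msg (\d+)")


def backscatter_targets(log_text, our_domains):
    """Count bounces (null envelope sender) sent to addresses outside our_domains."""
    sender = {}   # queue message number -> envelope sender
    hits = {}     # external recipient -> number of bounces sent to it
    for line in log_text.splitlines():
        if m := INFO.search(line):
            sender[m.group(1)] = m.group(2)
        elif m := START.search(line):
            rcpt = m.group(2).lower()
            domain = rcpt.rsplit("@", 1)[-1]
            # An empty sender marks a bounce generated by the gateway itself.
            if sender.get(m.group(1)) == "" and domain not in our_domains:
                hits[rcpt] = hits.get(rcpt, 0) + 1
        elif m := END.search(line):
            sender.pop(m.group(1), None)  # message numbers get reused
    return hits
```

A steadily growing count here means the gateway is accepting mail for recipients the inner server later refuses, which is the case SMTP-time recipient checking is meant to prevent.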