[SLL] choosing an MTA

Creede Lambard creede at penguinsinthenight.com
Wed Oct 29 19:52:27 EST 2003


On Wed, Oct 29, 2003 at 04:29:32PM -0800, Brian Hatch wrote:
> The one thing that Sendmail may have over Postfix is milter.
> I haven't integrated things like SpamAssassin into Postfix directly
> (so mails can be rejected immediately on port 25, rather than later
> on in processing.)  Postfix, IIRC (and someone should please correct
> me on this) allows you to have Postfix send the message to a network
> port (some local daemon) that scans the message and allows Postfix to know
> if it should reject it, take the edited version, etc.   Don't know
> how milter works in Sendmail, but I think it's perhaps a little less
> overhead.
> 

I recently set up Postfix on two different machines to do filtering as
messages came in the door. Basically, it works like this:

(internet) --> (firewall/NAT machine) --> (outside interface) \
  --> (filter) --> (inside interface) --> (mailbox)

My mail machine has two addresses set up for eth0. Let's call them A and B.
The NAT machine is instructed to forward all Internet mail to A. Postfix
listens to A and runs any mail it gets there through whatever filter you want
it to use (SpamAssassin in my case), then forwards the mail on to address B.
Postfix is also listening on address B, and delivers any mail it receives
there to users' mailboxes.

So in theory you could have a filter that intercepts mail as it tries to
enter your system, and rejects it before it's forwarded on to your users.

You can do the same thing using ports instead of addresses, but hey, the
machines behind the firewall are on a class A network (10.x.x.x). I have
addresses to burn. :)

As for overhead, I have no idea how well it would scale with a large site,
but it works for my little rinky-dink operation.


-- 
 * .~. `(  ------------------------------------------------------------
` / V \  . Creede Lambard                : When Linux is outlawed,
 /(   )\   creede at penguinsinthenight.com : only outlaws will run Linux.
  ^^-^^    ------------------------------------------------------------
GPG key at http://www.penguinsinthenight.com/creede_public_key.asc
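
A sketch of the two-listener layout described in the message above, as an added example (not part of the original post and not the poster's actual configuration). The addresses 10.0.0.25 (A) and 10.0.0.26 (B), the transport name "scan", and an SMTP-speaking filter daemon on 127.0.0.1:10024 that relays its output to B are all assumptions.

```conf
# /etc/postfix/master.cf (fragment; constructed example)
# service        type  private unpriv chroot wakeup maxproc command + args

# Listener A: the address the NAT machine forwards Internet mail to.
# Mail accepted here is queued, then handed to the "scan" transport.
# content_filter acts after the message has been queued by this listener.
10.0.0.25:smtp   inet  n       -      n      -      -       smtpd
    -o content_filter=scan:[127.0.0.1]:10024

# Transport that delivers queued mail over SMTP to the filter daemon
# (hypothetical daemon; it scans each message and relays it to B).
scan             unix  -       -      n      -      10      smtp

# Listener B: receives mail back from the filter and delivers it to
# mailboxes. The empty content_filter prevents a filtering loop.
# Accepting connections only from local addresses keeps other hosts on
# the inside network from reaching B directly and skipping the filter.
10.0.0.26:smtp   inet  n       -      n      -      10      smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8,10.0.0.25/32,10.0.0.26/32
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
```

After editing master.cf, `postfix check` reports syntax problems and `postfix reload` applies the change.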



