[Gllug] just a quick question

Martin A. Brooks martin at hinterlands.org
Sat Feb 11 19:35:42 UTC 2006 

Tethys wrote:
> If I turn up with Mike Brodbelt and a camera, will you let me post the
> resulting pictures to this list?

I respect Mike's skills with sendmail but I believe that even he would 
have trouble making sendmail jump through the hoops required here.

But seeing as you asked.....

For every incoming connection, compare the connection details to a 
database and temporarily reject new connections (i.e. greylist) if the 
receiving domain is in a list of domains to be greylisted.

Incoming mail should be checked against a per-domain list of "unknown 
user" accounts and rejected if there's a match.

Scan incoming mail for viruses, using between 1 and 3 scanners. If a 
virus is present then, depending on a per-domain configuration, reject 
the mail with a terminal error. The domain configuration may require you 
to rewrite the email subject to start with "[VIRUS]"  (where "[VIRUS]" 
is an arbitrary, per domain, string), or to redirect the mail to a 
quarantine account. You should also check the subject to see if it 
contains a preset per-domain string, in which case the email should not 
be touched and delivered according to the normal rules.  Under no 
circumstances should a bounce be created.

Scan incoming mail for spam content using SpamAssassin. If the mail 
passes a per-domain threshold then it should be either terminally 
rejected, or have the subject rewritten, or redirected to another 
mailbox, much like with viruses above. You should also check the subject 
to see if it contains a preset per-domain string, in which case the 
email should not be touched and delivered according to the normal rules. 
  Under no circumstances should a bounce be created.

Mail that makes it this far must then be routed.  Possible methods 
include LMTP delivery, statically routed to another mail server or 
delivered by MX records.

Act as a smarthost.  Reject virus infected email, except where a from 
address is listed in a "do not virus check" list.  Reject spam, email, 
except where a from address is listed in a "do not virus check" list.

Act as an authenticating mail relay, accepting usernames and cram-md5 
passwords.

For certain domains, ignore MX records and route mail based on a static 
host list.






-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list