spf-discuss

Re: Extreme times call for extreme measures?

2004-10-07 12:21:23
On Thu, 07 Oct 2004 10:18:45 -0600, administrator wrote:
> At 11:51 AM 10/7/2004 -0400, "David Brodbeck" <gull(_at_)gull(_dot_)us> wrote:
>
> > My favored technique is to accept direct-to-MX connections from dynamic IPs,
> > but to delay the initial greeting by 40 seconds.  If your MTA is
> > RFC-compliant, this is no problem.  If you're running some kind of ratware
> > that can't wait that long, you're not going to get any sympathy from me. ;)
>
> I like this idea. Does anyone know of a Windows utility that can be
> set up on port 25 in front of an MTA to provide this delay?

I don't, but I can tell you what I did when faced with a similar situation.

The company I work for has an Exchange 5.5 server.  They had it before I
started working there, and changing it to something else was a non-starter. 
However, there was a desire to have spam and virus filtering.

What I did is set up a Linux system as a mail gateway.  The MX record points
to that system.  It sends the mail on to the Exchange server after processing
it.  Outgoing mail is sent to the gateway first, which acts as a smarthost and
sends it on to the Internet.  An added advantage is the Exchange server no
longer has to be exposed to the outside world -- it can be safely behind our
firewall.

The only really tricky thing about this is the gateway has to be able to
determine whether a user is valid on the Exchange server at SMTP time.  I do
this with an LDAP lookup, but depending on the capabilities of the Windows MTA
you might be able to do it with a callout instead.  (This doesn't work with
Exchange 5.5, since it accepts everything and then sends a bounce later!)

You can use pretty much any MTA you're comfortable with on the gateway, as
long as it can handle relaying.  I'm using Exim.
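A greeting-delay front end of the kind asked about in the quoted message, written as an added example rather than code from this thread or from any of the posters: it listens in front of the real MTA, holds the 220 banner for 40 seconds, drops clients that talk before the banner, and relays everyone else unchanged. It delays every connection rather than only dynamic-IP ones, and the listen port, backend host and backend port are assumed placeholder values.

```python
import asyncio
LISTEN_PORT = 25            # assumption: the port the MX record points at
BACKEND_HOST = "127.0.0.1"  # assumption: the real MTA, moved off port 25
BACKEND_PORT = 2525         # assumption
DELAY = 40.0                # seconds to hold the banner, as in the thread

async def early_talker(reader: asyncio.StreamReader, delay: float) -> bool:
    """True if the client speaks within `delay` s, i.e. before the 220 banner
    RFC 5321 says it must wait for. Timeout cancels the read; no bytes lost."""
    try:
        data = await asyncio.wait_for(reader.read(1), timeout=delay)
    except asyncio.TimeoutError:
        return False
    return bool(data)  # b"" means the client hung up, not that it talked early
async def pump(src: asyncio.StreamReader, dst: asyncio.StreamWriter) -> None:
    try:                                   # one-way copy until EOF
        while chunk := await src.read(4096):
            dst.write(chunk)
            await dst.drain()
    finally:
        dst.close()
async def reject(writer: asyncio.StreamWriter, line: bytes) -> None:
    writer.write(line + b"\r\n")
    await writer.drain()
    writer.close()

async def handle_client(reader, writer):
    if await early_talker(reader, DELAY):
        return await reject(writer, b"554 SMTP synchronization error")
    if reader.at_eof():                    # client gave up during the wait
        return writer.close()
    try:
        b_reader, b_writer = await asyncio.open_connection(BACKEND_HOST, BACKEND_PORT)
    except OSError:
        return await reject(writer, b"421 Service not available")
    # The backend now sends the real 220 banner; from here we are a plain pipe.
    await asyncio.gather(pump(reader, b_writer), pump(b_reader, writer),
                         return_exceptions=True)

def check_pregreet(data: bytes, delay: float) -> bool:
    """Offline probe: feed `data` (maybe empty) to a fake client stream."""
    async def probe():
        reader = asyncio.StreamReader()
        reader.feed_data(data)
        return await early_talker(reader, delay)
    return asyncio.run(probe())
if __name__ == "__main__":
    async def main():
        server = await asyncio.start_server(handle_client, "0.0.0.0", LISTEN_PORT)
        await server.serve_forever()
    asyncio.run(main())
```

Internal hosts that hand outbound mail to the gateway, as the Exchange server does in the setup above, would also wait 40 seconds per connection, so point them at the MTA's own port or exempt their addresses before the delay.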

