>I've been following this post.office spammer thread with some interest.
>Here's an idea:
>
>Set up a machine as a mail forwarder (only), and point MX to it. Use
>only a hosts file for name resolution (disable DNS) so that the only
>machine the forwarder can look up by name is the "real" mail server.
Duh...... Why couldn't I just add an option in the core router's filter
table to block port 25 access and leave it on a single machine? Since POP3
access is on a different port, it could be done without the mess, no?
Or am I missing something?
If it really is this simple, I may owe Lee an apology AFA the security bug
issue goes. (I still disagree on the pricing issue, and think that the
performance has suffered compared to other products, though, and will still
be switching).
>Make sure the hosts file includes an entry for the domain itself that
>points to the real mail server. Any SMTP for your system goes through
>through the forwarder to the real mail host, and any mail hitting that
>"inbound" mail server for other mail servers dies as undeliverable.
>Then block tcp:25 in to your "real" mail server. It's kludgy but it may
>work for some of you with a spare machine and a few hours of time.
>
>It does nothing to actually fix the core problem, i.e. buggy software
>and poor support, but I'm offering this suggestion for those of you
>pushed against the wall by this.