Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Bypassing milters for trusted users

2 views
Skip to first unread message

Gushi

unread,
Sep 9, 2005, 3:50:02 AM9/9/05
to
Okay, here's the basic setup:

I've got a "frontend" mail server that I'd like to have do some virus
scanning for me with a milter. It will have a lower MX priority than
my "main" server, so by default good clients will deliver to it, and it
will then forward mail onto the "real" server.

Now, since that server may go down at some point or another, I would
also like to allow delivery to the "main" server with a higher-numbered
priority. I plan to also do virus scanning on this one, but to keep
load low, I'd like to bypass it for "trusted" servers (like the
"frontend" server, so all the mail doesn't get scanned twice).

Is this possible through the sendmail config, or best done through the
code in the milter?

Thanks,

Dan Mahoney

Claus Aßmann

unread,
Sep 29, 2005, 1:01:50 AM9/29/05
to
Gushi wrote:

> I've got a "frontend" mail server that I'd like to have do some virus
> scanning for me with a milter. It will have a lower MX priority than
> my "main" server, so by default good clients will deliver to it, and it
> will then forward mail onto the "real" server.

> Now, since that server may go down at some point or another, I would
> also like to allow delivery to the "main" server with a higher-numbered
> priority. I plan to also do virus scanning on this one, but to keep

Spammers are known to connect to secondary MXs.

> load low, I'd like to bypass it for "trusted" servers (like the
> "frontend" server, so all the mail doesn't get scanned twice).

> Is this possible through the sendmail config, or best done through the
> code in the milter?

Usually done in milter code.

You could run a "milter-less" instance that only accepts connections
from "trusted" servers, e.g., via firewall rules.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Gushi

unread,
Sep 30, 2005, 6:50:31 PM9/30/05
to
Right, and the main server in that case would NOT be defenseless...it's
just that with as many domains as I have, I'd like to limit the load on
the main box. It does enough :)

0 new messages