From owner-freebsd-isp@FreeBSD.ORG  Mon Jul 26 20:36:13 2004
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7E7B516A4CE
	for <freebsd-isp@freebsd.org>; Mon, 26 Jul 2004 20:36:13 +0000 (GMT)
Received: from luke.wtconnect.com (luke.wtconnect.com [64.232.164.6])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BB67143D39
	for <freebsd-isp@freebsd.org>; Mon, 26 Jul 2004 20:36:12 +0000 (GMT)
	(envelope-from sblaydes@wtconnect.com)
Received: from wtconnect.com (noc.wtconnect.com [64.232.164.10])
	by luke.wtconnect.com (8.12.10/8.12.10) with ESMTP id i6QKa0tP076274;
	Mon, 26 Jul 2004 15:36:00 -0500 (CDT)
	(envelope-from sblaydes@wtconnect.com)
Message-ID: <41056B3B.6050304@wtconnect.com>
Date: Mon, 26 Jul 2004 15:36:11 -0500
From: Scott Blaydes <sblaydes@wtconnect.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.6) Gecko/20040113
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Richard Kuhns <rjk@wintek.com>, freebsd-isp@freebsd.org
References: <41056580.3050007@wintek.com>
In-Reply-To: <41056580.3050007@wintek.com>
X-Enigmail-Version: 0.83.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=0.0 required=7.0 tests=none autolearn=no version=2.63
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on luke.wtconnect.com
X-Virus-Scanned: by amavisd-new
Subject: Re: Question about virus/spam filtering for customers with mail
	servers
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jul 2004 20:36:13 -0000

Richard Kuhns wrote:
> I'm hoping someone will be willing to share a better way to handle this.
> 
> We offer virus/spam filtering for customers with their own mail servers. 
> We're currently implementing this by configuring the customer's firewall 
> to only accept smtp connections from our servers (all running sendmail 
> under FreeBSD 4), and the customer's MX records point to their server 
> first and our server(s) second and third. In most cases this works just 
> fine -- attempts by a mail server to deliver mail directly to the 
> customer fail, the mail server tries the secondary MX site (us), we 
> accept and filter the message and deliver it to the customer (or not).


You could set up your FreeBSD boxes that are doing the 
scanning/filtering to be the primary and secondary MX for the domain and 
  then use sendmail's mailertable to deliever the messages to the 
customers' servers.  The mailertable will even let you ignore MX 
settings for the domain.

Scott Blaydes