slightly OT - my freebsd email topology

[Charles Trevor]

Jonathan Horne wrote:
> currently, my email server is just a single box, accepting and sending emails
> from and to the internet.  spamassassin and sendmail, and so far, it works
> satisfactory.
> 
> i would like to change it up, so that i have a pair of servers doing MX from the
> internet, which then passes to an internal server for delivery.  if i do that, i
> could remove spamassassin from the internal server, and run it on just the 2
> external.  all those configurations is really not my issue here... what im
> really pondering is how would external servers that are seperate from where the
> target mailboxes are, know which addressess are acceptable and which to return a
> 550?
> 
> does anyone have any setups that are similar to this, and could advise me or
> point me in the right direction?
> 
> thanks,
> jonathan

Jonathan,

I do just this, a pair of FreeBSD boxes running Sendmail, SpamAssassin 
and ClamAV protecting a single internal box. I use MIMEDefang to do a 
lot of the heavy lifting. MIMEDefang provides a facility to check the 
to: email address against the server that is the ultimate mail 
destination before accepting it for delivery, preventing the border 
servers from accepting all email to the domain and then having to try to 
deliver bounces to faked/invalid from addresses. I think this is what 
you were looking for.

The function I am using to do this in mimedefang-filter is

sub filter_recipient {

         my($answer, $explanation) =
             	md_check_against_smtp_server($sender, $recip, 				 
"mx.adomain.co.uk", "mailhomes.adomain.co.uk");
         	# Convert TEMPFAIL to CONTINUE
         	$answer = 'CONTINUE' if ($answer eq 'TEMPFAIL');
         	return ($answer, $explanation);
	
	}

MIMEDefang can be found here http://www.mimedefang.org/

HTH,

Charlie