Re: Options

From: Roman Gelfand <rgelfand2_at_gmail.com>
Date: Thu, 26 Nov 2009 14:25:04 -0500

Your last paragraph answered all the questions. So, if I understand
you correctly, SMTP packets coming from the edge firewall have to be
routed rather than NATed in order to achieve the desired effect.

I just realized that on my internal network, where Exchange 2007 is
running, I have Sender ID reputation filtering. There, Sender ID is
checked correctly. All I had to do is to tell Exchange 2007 to ignore IP
127.0.0.1.

Now I understand why a DMZ gateway should both send and receive mail.

Correct me if I misunderstood something here.

On Thu, Nov 26, 2009 at 1:50 PM, Murray S. Kucherawy <msk_at_blackops.org> wrote:
> On Thu, 26 Nov 2009, Roman Gelfand wrote:
>>
>> I just read the man page on peer list and it seems to say the email coming
>> from 127.0.0.1 will not be filtered altogether.  I was looking to filter
>> that message.  Wouldn't opendkim fail this message if the source IP is
>> 127.0.0.1?  If so, how do you make opendkim ignore this source IP and go to
>> the previous one?
>
> Your original message said "Unless you tell me otherwise, I don't want to
> neither sign nor verify 127.0.0.1."  If you don't want to do either, then
> putting it on the peer list is what you want.
>
> What sort of filtering do you want opendkim to do in that case?
>
> The source IP is the IP address that is currently connected to your MTA,
> sending the message in.  Neither the MTA nor the filter make an attempt to
> read through past Received: header fields to figure out what earlier MTAs
> handled the message, so all you have to work with is 127.0.0.1.  The DMZ
> setup you have has the side effect of hiding the real IP address of the MTA
> that's sending mail in to you, so you can't really work with it.
>
Received on Thu Nov 26 2009 - 19:25:18 PST
