Milter-greylist

It shouldn't appear connections are coming from the firewall, unless  
he is doing source masquerading on incoming connections, where he  
would of wanted to do, destation rewriting to forward those  
connections from the firewall to the email server.

The only way I see it curently working is if he is doing both, or he  
got some 3rd party port forwarder involved, then your just screwed.


Quoting Bill Levering <idbill@...>:

>
> ---------------
> |  internet   |
> _______________
>       ||
>       ||
> ---------------
> |  internal   |
> |  firewall   |
> | 172.16.88.2 |
> _______________
>       ||
>       ||
> ---------------
> | smtp server |
> | 172.16.88.3 |
> _______________
>       ||
>       ||
> ---------------
> |  internal   |
> |  machines   |
> | 172.16.88.x |
> _______________
>
>
> If the firewall is between the mail server and the internet, then you
> should remove the whitelisting for the firewall but this would break
> all mail since the firewall is (probably) doing port forwarding and
> all connections will appear to be from the firewall. Hmmm...
>
> Bill Levering
> idbill@planx.com
> KFP: 6C0A 067C 7E03 58C3 C2F7  8278 6DFD 55A8 108B ED2F
>
>
>
> On Jul 13, 2009, at 9:26 AM, Rick Knight wrote:
>
>> Emmanuel Dreyfus wrote:
>>>
>>>
>>> On Sun, Jul 12, 2009 at 01:55:33PM -0700, Rick Knight wrote:
>>>> 172.16.88.3 is the internal address of my mail server.
>>>
>>> Um, sorry, I overlooked that one, my answer was meaningless.
>>>
>>> Can you send your greylist.conf and the Received: headers of the  message
>>> that passed through?
>>>
>>> -- 
>>> Emmanuel Dreyfus
>>> manu@... <mailto:manu%40netbsd.org>
>>>
>>>
>> Forgot to mention, 172.16.88.2 is the internal IP of my firewall,
>> 172.16.88.3 is the mail server.
>>
>> Thanks,
>> Rick
>>
>>
>>
>> ------------------------------------
>>
>> Yahoo! Groups Links
>>
>>
>>