Hi Jeff,
> I was also thinking maybe hacking pop-before-relay to do iptables
> rules on the BQ server for port 25, but don't know what the issues would be.
Hmm. Could possibly done that way, but the amount of information you'll have
about the email traffic from inside POP-before-SMTP would be limited. Whereas
in a milter you'd get access to the entire email, including headers and
therefore also the relay information. While some of that can be gathered from
the maillog as well, it would require quite some coding to make it happen
with POP-before-SMTP.
> I had a similar thought with the milters, but I've never developed my own
> milters before. I'll have to look into it.
It's not that difficult to extend MimeDefang if you're familliar with Perl.
Maybe 5-15 lines of extra code.
> It's strange, I would think this would be a very common issue, and there
> would be well known solution. In the last few weeks I've seen a rise in
> directed (non-mx lookup) email spamming, so I really need a solution.
Yes, it's getting more and more of a problem. But as most people have
different network layouts (not everyone has a 2nd MX, not everyone runs the
MX on separate servers) it's difficult to provide a "one-size-fits-all"
solution.
--
With best regards,
Michael Stauber