> I don't know what I'm doing, and I've never done this
> before, and JLF will be your savior, but I did skim over:
>
> http://www.iks-jena.de/mitarb/lutz/usenet/antispam.html
>
> sendmail (and I assume postfix) can be configured to
> be spawned from inetd (inetd listens on port 25 and
> hands the connection off to the MTA) or it can be
> configured to run "standalone" ("-bd", inetd is not
> involved at all, sendmail (or whatever MTA) listens
> to port 25 and handles everything all by itself.
>
> Anyway, it sounds like you have postfix set up in
> "standalone" mode, listening on a non-standard smtp
> port (your "fakesmtp"). However, from the URL above,

Well, actually I installed postfix in full mode (that's not the right name, but I let it take over all sendmail functions), so normally it would have been listening on 25. And what I'd tried to do was just move its port over to fakesmtp.

But that's not how I ended up doing it. I figured, hey, postfix is working 'fine' as is, why muck with it? So, what I did was make 'antispam' (teergrube) listen on a different port (pick a port, any port) and then, since all this is running on my firewall anyway, simply write one (ok, 2) rule to REDIRECT port 25 FROM THE PPP link to port (pick the same port), reload the rules, and there you go.

The long explanation is that external entities will get forwarded to my antispam port, which handles the teergrubing and then runs sendmail -bs to pass the connection to a "helo" handler, which is then put into the postfix incoming queue and handled normally.

My internal network does not even bother with antispam since I did not redirect eth0 to port 25. If I was truly paranoid I'd probably run my internal network through it too, but if someone breaks in to my internal network SPAM is going to be the least of my worries!

rusty