The way that SpamFiler handles relay bothers me.

If I add 'mycompany.com' in 'white list', 'local domains', anybody can just use my server as an open relay as long as they use 'xyz@mycompany.com' as their FROM address?

I think you have got it wrong. 'mycompany.com' is not in the 'white list'. It is in 'Local Domain'. If I delete it, nobody would be able to send me anything.

The thing is that anybody could just use my Spamfilter as a relay as long as they have 'xyz@mycompany.com' in their FROM field.

The problem is really due to the fact that SpamFilter does not use IP addresses to stop relay like almost any other SMTP programs.

To counter this problem, I have to have 1 machine hosting SMTP, another hosting Spamfilter, then open an inbound port 25 on my firewall to the Spamfilter, but outbound 25 only from SMTP server.

This way the Spamfilter becomes 'receive only', while my SMTP server is responsible for sending emails.

It would be nice to have 1 machine rather than 2.

Sorry, from your post I thought you had entered the domain in both places.

My previous reply is still valid though. If you do not have "mycompany.com" in the domain whitelist, but only in your local domains, nobody is able to use SpamFilter as an open relay. The only thing they can do is to deliver email to the domains in your "local domains" list.

Please note, furthermore, that you can also prevent spammers who fake the "from: email using your domain from spamming your users. There's a handy option that stops all emails where the "from" domain equals the "to" domain.

Also please note that SpamFilter does use IP addresses to stop spammers. It uses IPs to check their presence on blacklists, it uses IPs to perform blocks by country of origin, it uses IPs to block if the reverse DNS is missing.

Regarding your configuration comments, many users use a single server to host SpamFIlter and their SMTP server, there is no need for separate servers. It is even possible to use a single IP on a single server to have both SpamFilter and your SMTP software work on a single server in harmony. Please read the posts on this forum and the sample configs on our website for more info.

Roberto F.
LogSat Software

If the antivirus application is well written, it should allow you to configure it to listen on a different port, that way SpamFilter listens in on port 25, and then forwards emails to the port the antivirus uses.

If the antivirus app does not allow you the above, if you have your servers behind a good firewall, the firewall can be configured to accept internet requests on port 25, and then forward them to your inside network on a different port, 26 for example. SpamFilter can be configured to listen on port 26, accepts emails, and then forwards them to your antivirus listening on port 25.

A 3rd option is from another post on the forum:

=======================================

Scenario. Two applications need to listen to port 25 on an IP address. The server has multiple IP addresses. One application misbehaves by taking over all IPs on the server on port 25.

Solution. If the well-behaved application (SpamFilter...) is started first, it will use a single IP address on port 25. The bad application starts next, using up all remaning IPs, but without interfering with the 1st one since that IP is already taken.

How? Using the registry, under HKLM\SYSTEM\CurrentControlSet\Services\bad-service-name, add the REG_MULTI_SZ value:
DependOnService
and assign it the name of the good service.

This will cause the bad service to depend on the good service, meaning that it needs to wait for the good service to to start first.

Roberto F.
LogSat Software