> A simple solution if you have an extra machine.. install qmail on a
> new box... put it into your DMZ to collect mail. You then set a
> simple smtproute to forward all mail to your inner mail server's ip.

qmail is secure, bug free and the programs are efficient but it needs updating.

>
> There are no user accounts/passwords on the DMZ mail gateway and no mail
> stored (sensitive data) on the DMZ mail gateway machine.
>
> It simply accepts all email for your domain, and simply forwards it
> through the DMZ pinhole to your internal mail server. If you want you
> could also have it handle antivirus, spam and rblsmtpd listing.

The prime recipe for an outscatter host. You will have to patch qmail to get any form of recipient address checking to reject at the smtp level.

Queue management can become a nightmare. With your proposal, if some spammer stuffs the queue with a load of spam (send spam to qmail box, set sender address to spam victim and voila! almost filter proof spamming) you have to stop the queue manager to do any deletes.

qmail is the best choice for an outgoing mail queue in its current state. Or a second stage mta if you want to make use of its great dot-qmail delivery behaviour. But as an mx, it won't cut it with today's Internet.
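
Added example, not part of the original message: a small Python model of the gateway's RCPT TO decision, showing why accepting every recipient and bouncing later sends non-delivery notices to forged envelope senders, while rejecting unknown recipients inside the SMTP session does not. All addresses, the recipient list and the function names are constructed for illustration.

```python
# Added illustration; every name and address below is constructed.
VALID_RCPTS = {"alice@example.org", "bob@example.org"}  # users known to the inner server
LOCAL_DOMAINS = {"example.org"}                         # domains the gateway accepts mail for

# (envelope sender, envelope recipient) pairs as seen at the DMZ gateway
ENVELOPES = [
    ("<carol@example.net>", "<alice@example.org>"),
    ("<victim@example.com>", "<nosuchuser1@example.org>"),  # forged sender
    ("<victim@example.com>", "<nosuchuser2@example.org>"),  # forged sender
    ("<>", "<ghost@example.org>"),                          # null sender (itself a bounce)
    ("<dave@example.net>", "<BOB@Example.ORG>"),
]

def normalize(addr):
    """Strip angle brackets and lower-case the address for lookup
    (simplification: local parts are treated as case-insensitive)."""
    local, _, domain = addr.strip("<>").rpartition("@")
    return f"{local.lower()}@{domain.lower()}"

def rcpt_decision(rcpt, check_recipients):
    """SMTP reply code the gateway returns to RCPT TO."""
    addr = normalize(rcpt)
    if addr.rpartition("@")[2] not in LOCAL_DOMAINS:
        return 550  # not a domain we handle: refuse to relay
    if check_recipients and addr not in VALID_RCPTS:
        return 550  # unknown user refused while the client is still connected
    return 250

def process(envelopes, check_recipients):
    """Return (delivered recipients, addresses that receive a bounce)."""
    delivered, bounces = [], []
    for sender, rcpt in envelopes:
        if rcpt_decision(rcpt, check_recipients) != 250:
            continue  # rejected in-session: the connecting client owns the failure
        if normalize(rcpt) in VALID_RCPTS:
            delivered.append(normalize(rcpt))
        elif sender != "<>":
            # Accepted, then refused by the inner server: the gateway now has to
            # bounce to the envelope sender, which may be forged. Mail with the
            # null sender never triggers a further bounce.
            bounces.append(normalize(sender))
    return delivered, bounces

if __name__ == "__main__":
    print("accept-all :", process(ENVELOPES, check_recipients=False))
    print("rcpt check :", process(ENVELOPES, check_recipients=True))
```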