[Cerowrt-devel] in the post-cisa world

Toke Høiland-Jørgensen toke at toke.dk
Mon Feb 15 16:13:14 EST 2016


Dave Täht <dave at taht.net> writes:

> Even then, though, barrier #2 - the prospect of being a drive-by spam
> target - bothers me, so having a box in the cloud that can
> "turnaround" and rate limit stuff from port 25 there to my vpn here
> seemed ideal... except that good anti-spam requires that there be a
> reverse lookup on the origin ip and spf record that you lose that way,
> before you can get as far as starttls.

Use the cloud server as a NAT box, forwarding through the VPN? If you do
this in both directions (i.e. outgoing traffic will seem to come from
the cloud IP), you can get the reverse lookup while still having the
actual TLS connection terminate in the house? That was my plan... Will
get around to implementing it one of these days...

-Toke
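
The arrangement described in this reply, sketched as an nftables ruleset for the cloud box. This is an added example, not configuration from the thread: the interface names, addresses and rate limit are constructed placeholders, and it assumes IPv4 forwarding is enabled on the cloud box and that the home mail server routes its port-25 traffic through the VPN.

```nftables
#!/usr/sbin/nft -f
# Constructed placeholder values; replace with your own.
define wan_if   = "eth0"         # cloud box public interface
define vpn_if   = "wg0"          # tunnel towards the house
define cloud_ip = 203.0.113.10   # public address with the PTR and SPF records
define home_mta = 10.8.0.2       # home mail server's address inside the VPN

table ip mailrelay {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Inbound SMTP: rewrite only the destination. The source address is
        # left untouched, so the home MTA still sees the real client IP and
        # can do its reverse lookup and SPF check before STARTTLS.
        iifname $wan_if ip daddr $cloud_ip tcp dport 25 dnat to $home_mta
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Outbound SMTP from the house: rewrite the source to the cloud IP,
        # so remote servers check the cloud box's PTR and SPF records.
        oifname $wan_if ip saddr $home_mta tcp dport 25 snat to $cloud_ip
    }

    chain forward {
        # Default drop: this assumes the box forwards nothing but SMTP.
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Rate limit new inbound SMTP connections before they cross the VPN;
        # anything over the limit falls through to the drop policy.
        iifname $wan_if oifname $vpn_if ip daddr $home_mta tcp dport 25 \
            ct state new limit rate 30/minute burst 10 packets accept
        # New outbound SMTP connections from the home MTA.
        iifname $vpn_if oifname $wan_if ip saddr $home_mta tcp dport 25 \
            ct state new accept
    }
}
```

Because inbound connections keep their original source address, replies from the home server must go back through the tunnel (policy routing on the home side); otherwise they leave via the home uplink and the connection never completes. The cloud box only rewrites addresses, so the TLS session terminates on the home server.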

