PMDF System Manager's Guide



28.1.1 The e-mail Firewall Orientation

One of the most important parts of setting up an effective e-mail firewall is having a security orientation: this is sometimes described as taking the attitude that "anything not permitted is forbidden".

There are a number of tradeoffs when configuring message handling. In a firewall configuration, the emphasis tends to be on tracking and control of messages and information passing through, whereas a regular PMDF-MTA configuration tends to emphasize efficiency and effectiveness. That is, where a regular PMDF-MTA configuration is geared towards "getting the mail through" one way or another, e.g., accepting various address formats and fixing them up if necessary, a PMDF firewall configuration will typically be more concerned with ensuring that only "appropriate" addresses work and rejecting other addresses. A PMDF firewall configuration will typically maintain detailed logging information even at the expense of some additional overhead. And in a PMDF firewall configuration, there will typically be some concerns about what internal addressing information is exposed externally, which can mean performing additional work on address transformations, or stripping potentially useful (but overly informative) information from messages.

