Michael Hannon said...

|Heh.  During our first iteration of this, over a year ago, I didn't even 
|bother to use iptables.  I just used TCP Wrappers (i.e., 
|/etc/hosts.deny) to block all access to sendmail on the machine in 
|question unless the request for sendmail came from our spam-filter box. 

Sounds reasonable.

|  The (faculty) head of our computer committee started losing 
|legitimate, and, evidently, quite important mail almost immediately. 
|How can you possibly know what's happening at the gazillion sites out 
|there in cyberspace that you don't control?

You examine headers, of course.  Which may or
not help you solve the immediate problem, but
at least you know what;s happening.

Then you rewrite all your spam to come from
the offending sites and dump it in the
faculty head's inbox. 8^)

I know, but one has to dream.

[My dad was a prof, a department chair, and
a dean, so I understand university politics
all too well.]

-Miels