05-24-2008, 07:07 AM
Peter N. M. Hansteen
 
Re: Running spamd (greylist) on a non firewall machine

syn_nospam_uw <syn_nospam_uw@hotmail.com> writes:

> I was wondering if it is possible to run spamd in greylisting mode
> (default) as a filter front-end to our mail server not on a firewall
> but simply on a normal server on our network (behind the firewall) ?


You would need to have PF running on that machine with a very simple
rule set, but sure, there is no law of nature that dictates spamd has
to run on your gateway.

> I am not sure about it because spamd needs the originating IP of the
> sender and maybe through NAT it gets lost or something ?


I wouldn't worry about that specifically (at least if we're talking
regular nat), but rather how to make sure smtp traffic from untrusted
sources hits spamd and not your mail server. It's possible to paint
yourself into a corner with a complicated configuration and no real
gain.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
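
An added example, not part of the post above: a minimal pf.conf fragment of the kind of "very simple rule set" the reply refers to. It assumes spamd and the mail server run on the same internal host, that the upstream firewall forwards port 25 with a plain destination redirect so the sender's address is preserved, and OpenBSD 4.7 or later rule syntax; `/etc/mail/nospamd` is an assumed file name.

```pf
# Constructed example; assumes spamd(8) and the MTA share this host.

# spamd adds senders to <spamd-white> once they pass greylisting.
table <spamd-white> persist
# Assumed file: hosts that must bypass greylisting entirely.
table <nospamd> persist file "/etc/mail/nospamd"

# Unknown senders: steer inbound SMTP to the local spamd listener.
pass in on egress inet proto tcp to any port smtp \
    rdr-to 127.0.0.1 port spamd

# PF uses the last matching rule, so these override the redirect and
# let known senders reach the real MTA on port 25.
pass in on egress inet proto tcp from <nospamd> to any port smtp
# "log" lets spamlogd(8) see the traffic and keep whitelist entries fresh.
pass in log on egress inet proto tcp from <spamd-white> to any port smtp

# Outbound mail from the MTA.
pass out log on egress inet proto tcp to any port smtp
```

`pfctl -nf /etc/pf.conf` parses the rule set without loading it, which is a cheap check before enabling PF on a host that has not run it before.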