Re: Only allow mail from 1 server
John Berntsen
john at OMEGADATA.NO
Thu Dec 2 09:43:06 GMT 2004
Hi
The following iptables stuff would do the trick.
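#!/bin/sh
# Flush the chains
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING
iptables -t nat -F OUTPUT
# set the policy to drop
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# local services talking over loopback must keep working
iptables -A INPUT -i lo -j ACCEPT
# let replies to connections this host opened (DNS, outbound SMTP) back in;
# with INPUT policy DROP they would otherwise be discarded
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# smtp only from the one allowed server
iptables -A INPUT -p tcp -s 10.10.10.10 --dport 25 -j ACCEPT
# pop3 and imap from any source
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
# this one makes imap clients not hang for a long time
iptables -A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset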
This will allow smtp only from ip 10.10.10.10
and imap and pop3 from everyone else.
Regards
John Berntsen
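
Added example, not part of the original post: a check that a loaded rule set does what the thread asks for, namely SMTP accepted only from the front-end relays, by auditing `iptables -S INPUT` output. The function name, the sample rule sets and the relay addresses 192.0.2.11 and 192.0.2.12 are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Usage:
#   iptables -S INPUT | audit_smtp_rules RELAY_IP [RELAY_IP ...]
# Flags ACCEPT rules for tcp/25 whose source is not an allowed relay, and an
# INPUT policy other than DROP. Only explicit "--dport 25" rules are checked.
audit_smtp_rules() {
    awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" {
        src = proto = dport = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        sub(/\/32$/, "", src)    # iptables -S prints single hosts as a.b.c.d/32
        if (target == "ACCEPT" && proto == "tcp" && dport == "25" && !(src in ok)) {
            print "OPEN-SMTP: " $0; bad = 1
        }
    }
    END {
        if (policy != "DROP") { print "POLICY: INPUT policy is not DROP"; bad = 1 }
        exit bad + 0
    }'
}
# Constructed sample: SMTP limited to the two placeholder relay addresses.
sample_locked() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.11/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 192.0.2.12/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
EOF
}
# Constructed sample: one unrestricted SMTP rule and one unknown source.
sample_open() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -s 192.0.2.11/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 25 -j ACCEPT
EOF
}
sample_open | audit_smtp_rules 192.0.2.11 192.0.2.12 || true
```
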
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Steen, Glenn
> Sent: 2 December 2004 10:06
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Only allow mail from 1 server
>
> As far as I can see this would also be very simple to do with Postfix
> (and who will chime in for exim & zmailer :) too.
>
> But if you're satisfied with sendmail and have no other compelling
> reason to change, the FWing or tcpwrappers bits would be enough.
>
> -- Glenn
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Chris Stone
> > Sent: 1 December 2004 21:26
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Only allow mail from 1 server
> >
> >
> > I have this setup using qmail on the primary servers with qmail-spp patch
> > and a script (plugin through qmail-spp) to check the sending mail server and
> > if the connection is from an SMTP AUTH connection - works quite well and
> > keeps the spammers and viruses from doing an 'end-around' the filtering
> > servers running MailScanner.
> >
> >
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
> > Of Julian Field
> > Sent: Wednesday, December 01, 2004 5:45 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Only allow mail from 1 server
> >
> > No, not as far as I know. You need a firewall to protect it. If it's a
> > Linux box then this is easy using IPtables (but don't ask me how).
> >
> > Paul Houselander - SME wrote:
> >
> > > Hi
> > >
> > > I have a machine running MailScanner/Sendmail where users also pop
> > > their mail off.
> > >
> > > I want to move MailScanner to a couple of machines that scan the mail
> > > then forward onto the box where the users actually pop their mail off.
> > >
> > > I'll get rid of the current MX record for the POP machine and create MX
> > > records for the 2 MailScanner Machines. I want to ensure the POP
> > > machine can only receive mail from the 2 front end MailScanner
> > > Machines. I guess I can use a firewall to only allow incoming
> > > connections from the 2 machines but is there a way you can achieve
> > > this within sendmail?
> > >
> >
> > --
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > Buy the MailScanner book at www.MailScanner.info/store
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!