Ruleset to lock domain to IP address
James Fagan
jfagan at firstlightnetworks.com
Wed Oct 25 17:08:02 IST 2006
> We plan to introduce some premium filtering options for some domains.
> This will result in all incoming mail to a given domain
> arriving from a single known IP address. To prevent
> "back-dooring" we'd like to lock that in so any incoming mail
> to a given domain from any other IP address is rejected or
> dropped. Can I create a ruleset to achieve that?
>
> TIA
> Brian
> --
We do something similar, but we have it setup at the customers
firewall/router
to only accept connects on port 25 from one of our IPs (MailScanner
boxes). This
does stop the drive-by spam. We do this for all our clients permitted
they have the
hardware to achive this. Not exactly as you want to do it, but its an
alternative.
Besides most customers don't know anything about ports and routing so
you could charge
them a maintence fee or something for comfiguring their
routers/firewall.
Other than that I think you would be looking at some fancy pants
iptables.
Or maybe there are other solutions?
James
More information about the MailScanner
mailing list