Ruleset to lock domain to IP address

Glenn Steen glenn.steen at
Wed Oct 25 20:40:02 IST 2006

On 25/10/06, James Fagan <jfagan at> wrote:
> > We plan to introduce some premium filtering options for some domains.
> > This will result in all incoming mail to a given domain
> > arriving from a single known IP address.  To prevent
> > "back-dooring" we'd like to lock that in so any incoming mail
> > to a given domain from any other IP address is rejected or
> > dropped.  Can I create a ruleset to achieve that?
> >
> > TIA
> > Brian
> > --
> We do something similar, but we have it setup at the customers
> firewall/router
> to only accept connects on port 25 from one of our IPs (MailScanner
> boxes). This
> does stop the drive-by spam. We do this for all our clients permitted
> they have the
> hardware to achive this. Not exactly as you want to do it, but its an
> alternative.
> Besides most customers don't know anything about ports and routing so
> you could charge
> them a maintence fee or something for comfiguring their
> routers/firewall.
> Other than that I think you would be looking at some fancy pants
> iptables.
> Or maybe there are other solutions?
> James

This should be done at MTA level (where you have all the necessary
info _and_ the ability to really reject mail (saving resources....).
Might be easier with some MTAs than others though:-). Or at least as
close a facsimile of that function as possible:).

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list