Ruleset to lock domain to IP address
Glenn Steen
glenn.steen at gmail.com
Wed Oct 25 20:40:02 IST 2006
On 25/10/06, James Fagan <jfagan at firstlightnetworks.com> wrote:
>
>
> > We plan to introduce some premium filtering options for some domains.
> > This will result in all incoming mail to a given domain
> > arriving from a single known IP address. To prevent
> > "back-dooring" we'd like to lock that in so any incoming mail
> > to a given domain from any other IP address is rejected or
> > dropped. Can I create a ruleset to achieve that?
> >
> > TIA
> > Brian
> > --
>
> We do something similar, but we have it set up at the customer's
> firewall/router to only accept connects on port 25 from one of our IPs
> (MailScanner boxes). This does stop the drive-by spam. We do this for
> all our clients permitted they have the hardware to achieve this. Not
> exactly as you want to do it, but it's an alternative. Besides most
> customers don't know anything about ports and routing so you could
> charge them a maintenance fee or something for configuring their
> routers/firewall.
>
> Other than that I think you would be looking at some fancy pants
> iptables.
>
> Or maybe there are other solutions?
>
> James
This should be done at MTA level (where you have all the necessary
info _and_ the ability to really reject mail (saving resources....)).
Might be easier with some MTAs than others though :-). Or at least as
close a facsimile of that function as possible :).
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
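
An added example, not part of the original thread: one way to enforce the per-domain source lock at the MTA, assuming Postfix and its policy delegation protocol (name=value request lines ended by a blank line, answered with `action=...`). The domains, networks and reject text are constructed sample values.

```python
import ipaddress
import sys

# Constructed sample policy: recipient domain -> networks allowed to deliver to it.
LOCKED_DOMAINS = {
    "example.com": [ipaddress.ip_network("192.0.2.10/32")],
    "example.org": [ipaddress.ip_network("198.51.100.0/28"),
                    ipaddress.ip_network("2001:db8:25::/64")],
}

def parse_request(text):
    """Parse one policy request: name=value lines, terminated by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, locked=LOCKED_DOMAINS):
    """Return the access action for one RCPT TO evaluation."""
    domain = attrs.get("recipient", "").rpartition("@")[2].lower().rstrip(".")
    networks = locked.get(domain)
    if networks is None:
        return "DUNNO"  # domain is not locked: leave it to the other restrictions
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        client = None   # missing or unparseable address: fail closed below
    if client is not None and any(client in net for net in networks):
        return "DUNNO"  # arrived from the filtering service: no objection
    return "REJECT %s only accepts mail via its filtering service" % domain

def main(stdin=sys.stdin, stdout=sys.stdout):
    """Serve requests on stdin/stdout, as when run under Postfix spawn(8)."""
    block = []
    for line in stdin:
        line = line.rstrip("\n")
        if line:
            block.append(line)
            continue
        stdout.write("action=%s\n\n" % decide(parse_request("\n".join(block))))
        stdout.flush()
        block = []

if __name__ == "__main__":
    main()
```

The service would be referenced with `check_policy_service` in `smtpd_recipient_restrictions`, so the refusal happens during the SMTP dialogue, before the message body is accepted.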