Source IP Address Ruleset / Allowing Mail From Specific Source Only

Markus Nilsson markus at markusoft.se
Wed Feb 23 15:03:46 GMT 2011


> From: "Cameron B. Prince" <cplists at princeinternet.com>

> 
> This is working well, but we have spammers with cached MX records making an
> end-run around the new filter by continuing to send mail directly to our
> server.
> 
> To solve this, I'm hoping it would be possible to set up something like a
> ruleset such as:
> 
> To: domain.com xxx.xxx.xxx.xxx
> 
> The idea being that the source address of the MX connection is checked and
> compared with the ruleset. Then if the IP address matches, mail is allowed
> and if not, it's blocked.
> 
> I'm certainly open to other suggestions, but this seems like an elegant
> solution and a nice feature for MailScanner.
> 
> There have been suggestions of using IP tables but since our mail servers
> receive mail for many different domains, we can't simply block everything
> except the filtering company.
> 
> I look forward to your thoughts and ideas.
> 
> Thanks,
> Cameron
> 
> 

Sounds like a job for SpamAssassin! (something like the below)

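# Recipient the restriction applies to
header __TO To =~ /^address\@domain$/
# Any Received header naming the permitted source IP
header __FROM Received =~ /\[1\.2\.3\.4\]/
# Fires when the recipient matches but the permitted IP is absent
meta RULE (__TO - __FROM) >= 1
score RULE 10
describe RULE Mail coming from wrong IP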

/Markus
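
An added example, not part of the original post or of MailScanner/SpamAssassin: the same per-domain source check in Python, reading the connecting IP only from the topmost Received header, because a sender can forge lower ones and a rule that matches any Received line would accept them. It assumes the topmost header is the one stamped by your own MTA; the domain, addresses, sample messages and function names are hypothetical.

```python
import email
import ipaddress
import re

# Hypothetical policy: recipient domain -> networks of the filtering service.
ALLOWED_SOURCES = {
    "domain.example": [ipaddress.ip_network("192.0.2.10/32")],
}

# Bracketed peer address as recorded by the receiving MTA, e.g. "[192.0.2.10]".
PEER_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed samples. DIRECT carries a forged lower Received line naming the allowed IP.
VIA_FILTER = (
    "Received: from filter.example (filter.example [192.0.2.10])\n"
    "\tby mail.domain.example; Wed, 23 Feb 2011 15:00:00 +0000\n"
    "To: user@domain.example\n\nbody\n"
)
DIRECT = (
    "Received: from bot.example (unknown [203.0.113.7])\n"
    "\tby mail.domain.example; Wed, 23 Feb 2011 15:00:00 +0000\n"
    "Received: from x (x [192.0.2.10]) by y; Wed, 23 Feb 2011 14:59:00 +0000\n"
    "To: user@domain.example\n\nbody\n"
)


def connecting_ip(msg):
    """Return the peer IP from the topmost Received header, or None."""
    received = msg.get_all("Received") or []
    match = PEER_RE.search(received[0]) if received else None
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None


def allowed(raw_message, rcpt):
    """True if mail for the envelope recipient's domain came from an allowed source."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    networks = ALLOWED_SOURCES.get(domain)
    if networks is None:
        return True  # domain is not behind the filtering service
    ip = connecting_ip(email.message_from_string(raw_message))
    return ip is not None and any(ip in net for net in networks)
```

The recipient is taken from the SMTP envelope rather than the To header, since a direct-to-MX sender controls every header in the message.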

 
 