Source IP Address Ruleset / Allowing Mail From Specific Source Only

[Julian Field]

On 23/02/2011 15:03, Markus Nilsson wrote:
>> From: "Cameron B. Prince"<cplists at princeinternet.com>
>> This is working well, but we have spammers with cached MX records
>> making an
>> end-run around the new filter by continuing to send mail directly to
>> our
>> server.
>>
>> To solve this, I'm hoping it would it be possible to set up something
>> like a
>> ruleset such as:
>>
>> To: domain.com xxx.xxx.xxx.xxx
>>
>> The idea being that the source address of the MX connection is checked
>> and
>> compared with the ruleset. Then if the IP address matches mail is
>> allowed
>> and if not, it's blocked.
>>
>> I'm certainly open to other suggestions, but this seems like an
>> elegant
>> solution and a nice feature for MailScanner.
>>
>> There have been suggestions of using IP tables but since our mail
>> servers
>> receive mail for many different domains, we can't simply block
>> everything
>> except the filtering company.
>>
>> I look forward to your thoughts and ideas.
>>
>> Thanks,
>> Cameron
>>
>>
> Sounds like a job for SpamAssassin! (something like the below)
>
> header __TO To =~ /^address at domain$/
> header __FROM Received =~ /\[1.2.3.4\]/
> meta RULE (__TO - __FROM)>= 1
> score RULE 10
> describe RULE Mail coming from wrong IP
Don't use the data in the headers! That is totally irrelevant to the 
destination and sender of the mail. Only ever use the recipient stated 
in the envelope, never use the headers.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info

Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.