Source IP Address Ruleset / Allowing Mail From Specific Source Only

Ken A ka at
Tue Mar 1 20:45:38 GMT 2011

If you can use a sendmail milter,
milter-regex would work with something like this:

mySafeIP = connect // /xxx\.xxx\.xxx\.xxx/
myDomain = envrcpt /
reject "please use the proper MX"
$myDomain and not $mySafeIP

The matches are just regular expressions, so you could leave off the 
last octet to match a /24, for example..  (not tested)


On 2/23/2011 8:43 AM, Cameron B. Prince wrote:
> Hello fellow MailScanner users,
> I've been using MailScanner for over 6 years now and it continues to provide
> a good service for my clients. I now have a few clients that want to pay for
> what they hope is even better spam filtering services provided by external,
> third-party filtering companies. This is okay with me because these domains
> get an extremely high volume of spam and really tax the servers.
> We have configured one client's MX record to route all the mail for their
> domain to one of these companies. There the mail is filtered and then clean
> mail is routed back to our server to be stored in the client's mailboxes.
> This is working well, but we have spammers with cached MX records making an
> end-run around the new filter by continuing to send mail directly to our
> server.
> To solve this, I'm hoping it would it be possible to set up something like a
> ruleset such as:
> To:
> The idea being that the source address of the MX connection is checked and
> compared with the ruleset. Then if the IP address matches mail is allowed
> and if not, it's blocked.
> I'm certainly open to other suggestions, but this seems like an elegant
> solution and a nice feature for MailScanner.
> There have been suggestions of using IP tables but since our mail servers
> receive mail for many different domains, we can't simply block everything
> except the filtering company.
> I look forward to your thoughts and ideas.
> Thanks,
> Cameron

Ken Anderson
Pacific Internet -

More information about the MailScanner mailing list