Source IP Address Ruleset / Allowing Mail From Specific Source
Only
Ken A
ka at pacific.net
Tue Mar 1 20:45:38 GMT 2011
If you can use a sendmail milter,
milter-regex would work with something like this:
mySafeIP = connect // /xxx\.xxx\.xxx\.xxx/
myDomain = envrcpt /example.com/
reject "please use the proper MX"
$myDomain and not $mySafeIP
The matches are just regular expressions, so you could leave off the
last octet to match a /24, for example.. (not tested)
Ken
On 2/23/2011 8:43 AM, Cameron B. Prince wrote:
> Hello fellow MailScanner users,
>
> I've been using MailScanner for over 6 years now and it continues to provide
> a good service for my clients. I now have a few clients that want to pay for
> what they hope is even better spam filtering services provided by external,
> third-party filtering companies. This is okay with me because these domains
> get an extremely high volume of spam and really tax the servers.
>
> We have configured one client's MX record to route all the mail for their
> domain to one of these companies. There the mail is filtered and then clean
> mail is routed back to our server to be stored in the client's mailboxes.
>
> This is working well, but we have spammers with cached MX records making an
> end-run around the new filter by continuing to send mail directly to our
> server.
>
> To solve this, I'm hoping it would it be possible to set up something like a
> ruleset such as:
>
> To: domain.com xxx.xxx.xxx.xxx
>
> The idea being that the source address of the MX connection is checked and
> compared with the ruleset. Then if the IP address matches mail is allowed
> and if not, it's blocked.
>
> I'm certainly open to other suggestions, but this seems like an elegant
> solution and a nice feature for MailScanner.
>
> There have been suggestions of using IP tables but since our mail servers
> receive mail for many different domains, we can't simply block everything
> except the filtering company.
>
> I look forward to your thoughts and ideas.
>
> Thanks,
> Cameron
>
>
--
Ken Anderson
Pacific Internet - http://www.pacific.net
More information about the MailScanner
mailing list