Yes, but what if one of your customer servers has an account that has a
.forward to an address outside their host, and some outside user sends a
mail to that account. Then your customers mail server would legitimately
be sending mail that was "From:" a domain other than their own.
I think the way you have it now is sufficient - you have accountability.
If one of your customers servers is an open relay, cut off their access
until they secure it. Likewise if they send spam directly.
On Mon, 4 Mar 2002 CarolO@??? wrote:
> Hi,
>
> Thanks for your answer.
>
> Maybe I have to make more clear:
>
> The goal is to find a mechanism to block open relay servers from customers.
> I see via inbound mail which domains are delivered on a certain ip address.
> For example foo.com is delivered on ip address 192.168.1.2. So my simple
> mind says, that I can accept outbound mail from foo.com from 192.168.1.2.
> So if this customer tries to send from domain spam.com from ip address
> 192.168.1.2, I can block this mail, because I know that 192.168.1.2 is not
> responsible for spam.com. I know this based on the inbound mail
> configuration.
>
> Is this a standard feature in Exim ?
>
> Greetz,
>
> Carol Overes
>
>
> -----Original Message-----
> From: Theo Zourzouvillys [mailto:theo@crazygreek.co.uk]
> Sent: Monday, March 04, 2002 3:26 PM
> To: CarolO@???; exim-users@???
> Subject: RE: [Exim] Avoiding SPAM
>
>
>
> > Hi,
>
> If I understand what you are trying to achive correctly, you are
> after "sender_address_relay" which lists the domains that senders who
> relay through your system are allowed to use.
>
> We use a mysql query for this, being:
>
> SELECT DISTINCT Domain FROM Domains WHERE (Domain =
> '${quote_mysql::${domain::$sender_address}}')
>
> Though using a lookup in a file would be the same sort of thing, just
> have something like the following in a file and do a lsearch on it:
>
> 192.168.0.1: domain1.com:domain2.com:domain3.com:blahlbha.com
> 192.168.0.2: meep.com:wibble.org
>
> Etc... And do an lsearch on it.
>
> Saying that, maybe I didn't understand the question correctly, i've
> only just woken up :)
>
> ~ Theo.
>
> Theo Zourzouvillys
> Global Network Consultant
>
> + Notnet Consultancy [ www.notnet.co.uk ]
> - Specialising in Unix security, ISP Start-up and regeneration,
> - MySQL solutions, E-commerce, and Load balancing.
> + Notnet.co.uk - Quality web hosting at an affordable price
> - http://pinky.notnet.co.uk/
> + http://www.anlx.net/
> + Mobile: +44 7747 844 300
> + theo@???
> + Personal Website: http://www.zozo.org.uk/
> + Spod: telnet://www.trekkers-rest.com:3000/
>
>
>
>
> > -----Original Message-----
> > From: exim-users-admin@???
> > [mailto:exim-users-admin@exim.org] On Behalf Of CarolO@???
> > Sent: 04 March 2002 13:55
> > To: exim-users@???
> > Subject: [Exim] Avoiding SPAM
> >
> >
> > All,
> >
> > I'm new to this mailing-list, but I have one question, which
> > I can't find in the documentation.
> >
> > We are using exim as mail relay servers for our customers. We
> > have configured inbound mail relay (from Internet via relay
> > to customer) via two files. The file
> > "inboundrelay_domains.conf" is used to configure all domains
> > for which the server is responsible. The file
> > "inboundrelay_domain2mta.conf" is configured with ip
> > addresses of customer mailservers, which are responsible for
> > domains. So for example:
> >
> > *.foo.com ==> configured in
> > inboundrelay_domains.conf
> > *.foo.com 192.168.1.2 byname ==> configured in
> > inboundrelay_domain2mta.conf
> >
> > We have configured outbound relay (from customer via relay to
> > Internet) via a file "outboundrelay_customer_hosts.conf".
> > This looks like:
> >
> > 192.168.1.2/32
> >
> > Is there a possibility to accept only outbound mail from
> > 192.168.1.2 from domain foo.com, based on the domains which
> > are configured for inbound relay. In other words, is it
> > possible to avoid SPAM from our customers to Internet, to use
> > a "backward check" based on the inbound configuration ? Via
> > the inbound configuration I know which domains are delivered
> > on that specific ip address. That means that I can only
> > accept mail from this specific domain from this specific ip
> > address.
> >
> > Greetz,
> >
> > Carol Overes
> >
> > --
> >
> > ## List details at
> > http://www.exim.org/mailman/listinfo/exim-> users Exim details
> > at http://www.exim.org/ ##
> >
> >
> >
> >
>
> >
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
--
