Re: [exim] Limiting incoming connections on a per-domain bas…

Author: Steve Sobol
Date:  
To: John Robinson
CC: Odhiambo G. Washington, exim-users
Subject: Re: [exim] Limiting incoming connections on a per-domain basis

On Thu, 21 Sep 2006, John Robinson wrote:

> Yes, it's possible, and it's not too hard, but with the config change I
> suggested before you wouldn't need to.


> You sound as if you'd rather not change your config at all, but Exim's
> relatively easy to configure, so why not?


Because, I quote:

"Well, you could just
    deny domains = those_domains
         !hosts  = +allowed_hosts


but if I understand correctly, that would also stop accepting mail for
those_domains from any relay_from_hosts or authenticated users, which
may not be the desired effect."

Yes, I need to accept connections from authenticated users.


> Actually, I also wonder, why does it matter whether you accept messages
> directly from all over the 'net for your filtered domains? The facility
> presumably won't be advertised (i.e. MX records in the DNS), so
> it's unlikely to present any major threat if you just accept from anywhere.


I can tell there's stuff being sent directly to Exim; those messages bear
none of the headers that they'd have if they came through the spam
filters.

I only made the change recently, and I'll bet there's a lot of ratware out
there that still has the old MX record cached. justthe.net is a good
example; the MX records all point to cleanmessage.com now, but there is
still spam coming directly to mx.justthe.net (my Exim box) even though it
is not publicly advertised in DNS anymore.

-- 
Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows
Apple Valley, California     PGP:0xE3AE35ED


It's all fun and games until someone starts a bonfire in the living room.
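
The restriction discussed in this message, written so that authenticated clients and relay hosts are exempt from it, as an added example (not part of the original post and not its author's configuration). The list names `filtered_domains` and `filter_hosts`, the domain and the addresses are placeholders; `relay_from_hosts` is assumed to be defined as in Exim's default configuration.

```exim
# Main configuration section.
# Placeholder values (assumptions): the domains whose MX now points at the
# external filtering service, and the hosts that service delivers from.
domainlist filtered_domains = example.org
hostlist   filter_hosts     = 192.0.2.10 : 192.0.2.11

# In the RCPT ACL (the one named by acl_smtp_rcpt), placed before the
# statements that accept mail for local domains.
#
# All conditions in one statement must match for the deny to fire:
#   1. the recipient is in a filtered domain,
#   2. the client is neither a filter host nor a relay_from_hosts host,
#   3. the client has not authenticated.
# Authenticated users and relay hosts fail condition 2 or 3, so the
# statement does not apply and processing continues with the rest of the ACL.
  deny    domains        = +filtered_domains
          !hosts         = +filter_hosts : +relay_from_hosts
          !authenticated = *
          message        = Mail for this domain is only accepted via its MX hosts
```

A rejected direct delivery shows up in the main log as a rejected RCPT with this message text, which makes it easy to count how much traffic is still arriving on the old MX.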