Re: [exim] only allowing certain IPs based on domain name

Author: Chuck Rock
Date:  
To: 'John Cage', exim-users
Subject: Re: [exim] only allowing certain IPs based on domain name
I use a local Barracuda filter and this is what I ended up with in my Exim
configuration.

I created two files, one to list the filtered domains, and the other to list
allowed IPs to accept the filtered domain E-mails from.

In my exim.conf after the other localdomains lists and stuff I added this.

hostlist barracuda_hosts = net-lsearch;/etc/barracudaip : \
                           net-lsearch;/etc/relayhosts

domainlist barracuda_domains = lsearch;/etc/barracudadomains

Then in the check_recipient block after 'accept hosts = :' line I added
these lines.

  deny
    !hosts = +barracuda_hosts
    domains = +barracuda_domains
    message = Please use the domain MX record

So when a new domain gets the filter treatment, I just add it to my
/etc/barracudadomains file.

Chuck

-----Original Message-----
From: exim-users-bounces@??? [mailto:exim-users-bounces@exim.org] On
Behalf Of John Cage
Sent: Thursday, January 03, 2008 2:30 PM
To: exim-users@???
Subject: Re: [exim] only allowing certain IPs based on domain name

Dave

That looks exactly what we're wanting. Basically we point our MX records to
this spam filtering company and then they push the (cleaned) mail to us. We
need to do it only for certain domains though, not server-wide. I'll have a
read of the link you sent, so thanks for this

John

----- Original Message ----
From: Dave Evans <exim-users-20071221@???>
To: John Cage <johnc8117@???>
Cc: exim-users@???
Sent: Thursday, January 3, 2008 7:47:37 PM
Subject: Re: [exim] only allowing certain IPs based on domain name


On Thu, Jan 03, 2008 at 11:09:20AM -0800, John Cage wrote:
> We're using an external spam filtering company for some of our domains (but
> not all). They have provided us with the IP addresses that their servers use
> and have suggested that we allow incoming mail from these addresses, but
> block all other - but only for these domains (obviously). I've searched for
> this, but in vain, and any help would really be appreciated


So do the MXs for those domains point to this other spam filtering company,
not to you? And then they deliver the mail to you based on some nominated
hostname (i.e. not MXs)?

If so, DNS TTLs permitting, you'll want to permanently reject (deny) attempts
by others to send mail to those domains. In general, something like

  deny
    domains = somedomain.example.com
    hosts = !spamfilteringserver.example.net
    message = Relaying denied


placed appropriately in your RCPT ACL should do the trick. For more
information, read
http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECTaclconditions,
especially "domains = <domain list>" and "hosts = <host list>".

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
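
Added example, not part of the thread and not Exim code: a simplified Python model of the deny rule from Chuck's message, for checking the two lookup files against expected senders before reloading Exim. The file contents are constructed samples using documentation address ranges, the helper names `lsearch_keys` and `rcpt_decision` are hypothetical, and real net-lsearch parsing (IPv6 keys, for instance) has more rules than modelled here.

```python
import ipaddress

# Constructed sample file contents (documentation ranges), not from the thread.
BARRACUDA_IPS = """\
# filter appliance addresses
192.0.2.10
198.51.100.0/28
"""
RELAY_HOSTS = "203.0.113.5\n"
BARRACUDA_DOMAINS = """\
# domains whose MX points at the filter
filtered.example
Other.Example: optional data
"""

def lsearch_keys(text):
    """Keys of an lsearch-style file: the first token of each line that is
    not blank, not a '#' comment and not an indented continuation line."""
    keys = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        keys.append(line.split()[0].rstrip(":"))
    return keys

def rcpt_decision(sender_ip, rcpt, host_files, domain_file):
    """Model of the rule: deny when the recipient domain is listed and the
    sending host appears in none of the host files."""
    if sender_ip == "":
        return "accept"  # 'accept hosts = :' (local, non-SMTP) comes first
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain not in {k.lower() for k in lsearch_keys(domain_file)}:
        return "pass"  # deny does not fire; later ACL statements decide
    addr = ipaddress.ip_address(sender_ip)
    for text in host_files:
        for key in lsearch_keys(text):
            if addr in ipaddress.ip_network(key, strict=False):
                return "pass"  # allowed host (filter IP or relay host)
    return "deny: Please use the domain MX record"
```

Because `/etc/relayhosts` is part of `barracuda_hosts`, every relay host is also allowed to deliver to the filtered domains, which the model makes visible.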