Re: [exim] how do I block mail to local domains except SMTP …

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Exim List
Datum:  
To: Mike Barnard
CC: exim-users
Betreff: Re: [exim] how do I block mail to local domains except SMTP auth ortrusted source?
Mike Barnard wrote:
> On Tue, Oct 7, 2008 at 6:46 AM, Exim List <eximlist@???> wrote:
>
>
>> We have a machine with several domains. The MX record for these domains
>> is pointed to a spam filter appliance.
>>
>> Alas, spammers don't play fair. They choose to connect directly to the
>> IP address(es) of the domains on the box and still send their spam that
>> way.
>>
>>
>
> you lost me there.... if the the MX records are the spam filter
> appliances... how did they get the IP addresses of the actual smtp
> servers...
>

We migrated these domains to our server from an acquisition. I'm
presuming that many spammers look for mail.domain.com as a valid
hostname anyway -- even without previous history of sending to that
address. In this case, the mail.domain.com was the MX for many of these
domains so they already have the history of sending to mail.domain.com.

So, us changing the MX record to a separate filtering appliance doesn't
force a spammer to use that appliance. They simply continue to send to
mail.domain.com instead. We want to prevent that by disallowing SMTP
traffic except from the trusted spam filter source and from any SMTP
AUTH clients in the field.

>> While a firewall solution might seem the logical choice, it isn't here.
>> The reason is that the users in each domain need to be able to see
>> mail.abc.com or mail.xyz.com as their outgoing SMTP server which they
>> relay through via SMTP auth.
>>
>> and why would a firewall stop that from happening? unless i dont quite get
>> what you are saying, a firewall should work, depending of course on how you
>> set it up
>>

A firewall can (a) stop all mail or (b) allow trusted hosts or (c) allow
all mail.

A firewall, to my knowledge, doesn't have the capacity to understand
SMTP AUTH. If I'm wrong, enlighten me.

I need a solution which will stop all mail to the host mail.domain.com
EXCEPT for (a) the trusted spam filter host and (b) anyone who
authenticates against the domain using SMTP AUTH. They should be
allowed to relay through their SMTP server or send mail to other users
on the domain.

>> So, I need to know how to disable the ability to receive mail for local
>> domains EXCEPT from a trusted source (the spam appliance box).
>>
>
>
> I would assume that the smtp servers receive/send email from the spam
> filtering machines! If this is the case, then allow only the spam filtering
> devices to send emails to your smtp servers
>

As noted above, this prevents the users on the domain from using their
default SMTP server: mail.domain.com.

> Further,
>
>> I need to allow SMTP AUTH clients to relay mail through their respective
>> domains.
>>
>>
>
> i dont quite get 'relay mails through their respective domains'
>
>

Hopefully I've cleared that up above, but to reiterate: user@???
was told to utilize mail.domain.com as the POP3 and SMTP server. They
have to be able to relay through their SMTP server using SMTP AUTH.

>> A firewall simply shuts off all SMTP traffic including SMTP auth unless
>> I know all the "trusted sources" which is basically moot given roaming
>> customers.
>>
>>
>
> Then you are not configuring your firewall well...open the respective ports
> required for mail. But this wont solve your problem.
>

As noted above, it's not a firewall configuration issue. Obviously I
can open port 25, and I can open port 25 only to a trusted host. But I
need to FURTHER allow port 25 for SMTP AUTH clients.

>> How can this be done?
>>

So the question remains: how can this be done?


Thanks for any practical help anyone can offer.