Wow. That was easy. I had to change it a little to get it to work. The
script is now
deny message = Blocking incoming mail for domains blah blah
!hosts = 89.146.30.0/29
domains = "abc.com" : "xyz.com"
The quotes around the domain names are important. It didn't work without
them, so the filter itself works but every mail was blocked. After
adding the quotes, mail gets accepted properly. Now I have to wait for a
mail that gets send straight into the server. I'm sure it will get
blocked though.
Thanks!
Marco
lee wrote:
> On Sat, Nov 29, 2008 at 04:51:30PM +0100, Marco van Oostende wrote:
>
>> Basically, what I need is to check for both domains whether the IP
>> address where the mail comes from is within the IronPort range of
>> 89.146.30.0/29 (255.255.255.224), and reject anything else. But then,
>> only for these domains; all other domains should not be affected.
>
> When you take a look at acl_smtp_rcpt and $sender_host_address, it
> seems that you could put a check into that ACL to verify the IP
> address of the sending host against the range of IP addresses and to
> deny the mail from the sending host if it is for one of the domains
> that must not receive mail from any other IP addresses than those in
> the given range.
>
> Hm, having that said, it could even be something simple like
> this (added to acl_smtp_rcpt):
>
>
> deny !hosts = 89.146.30.0/29
> domains = abc.com : xyz.com
>
>
> ... but that's no more than a guess, I'd have to read the
> documentation carefully to figure it out. --- Of course, instead of
> putting the domains directly into the configuration file, you might
> want to use a lookup of some sorts to specify them.
>
> It is supposed to mean that if the IP of the sending host is not
> within the range 89.146.30.0/29 and if the recipient domain is either
> abc.com or xyz.com, then the message must be denied.
>
>