Re: [exim] how do I block mail to local domains except SMTP …

Author: Adam Roland
Date:  
To: Exim-users
Subject: Re: [exim] how do I block mail to local domains except SMTP auth or trusted source?
Is there any solution for your request?
My situation is the same as yours.

The last reply I understand was this:

    hostlist my_mx_provider = 1.2.3.4 : 1.2.3.5

Add something like this in the rcpt acl:

    accept hosts   = +my_mx_provider
           domains = +local_domains : +relay_to_domains

but I haven't tried it!

On 2008-10-08 16:31, Exim List wrote:
> Mike Barnard wrote:
>
> >> I need a solution which will stop all mail to the host
> >> mail.domain.com EXCEPT for (a) the trusted spam filter host and (b)
> >> anyone who authenticates against the domain using SMTP AUTH. They
> >> should be allowed to relay through their SMTP server or send mail
> >> to other users on the domain.
> >>
> >>
> >
> >
> > as mentioned above, sending emails is not your problem here,
> > receiving spam is, unless your servers are open relays.
> >
> >
>
> Yes, sending (or receiving) e-mails *is* the problem. I do not want
> Exim to receive mail directly for mail.domain.com except from (a) the
> trusted MX server already in place and (b) clients of mail.domain.com
> who, of necessity, will need to relay through the mail server in
> order to send mail out to the Internet.
>
> Since (b) can come from anywhere, that is where allowing only SMTP
> auth comes in.
> > 1 -- Look at {white,black,grey}listing.
> >
> I don't want to white/black/grey list. I want to disallow period
> except for (a) and (b).
> > 2 -- You may need to run Spam Assassin or its equivalent on your
> > mail.domain.com servers to capture the spam that is not going
> > through your spam filtering devices.
> >
> Same response here.
> > 3 -- You can also add headers to the emails passing through your
> > spam filtering devices and pass them exclusively through your mail
> > server with no further checks.
> > 4 -- You may also pass all emails whose session has been
> > authenticated with no further checks.
> >
> >
> That's fine as long as I can stop the other SMTP cold at the door.
> > The other option, if your spam filtering devices permit it, is to
> > point all mx records to these filtering devices and have the
> > filtering devices forward the sessions to the respective
> > mail.domain.com server. This is a long shot but it may work.
> >
> Uh, the MX for domain.com -is- the filtering device. Spammers don't
> care what an MX is if they can directly connect to the mail server
> the e-mail eventually gets to.
>
> Someone (Dave Lugo) wrote yesterday a concrete example which I have
> not had time to test yet due to a UPS battery issue taking my time.
> I hope to try it soon.
>
>
>
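
An added example, not part of the original post or of any reply in this thread: one way to write the RCPT ACL so that only (a) the filtering MX hosts and (b) SMTP AUTH sessions get through, with everything else refused at RCPT time. The hostlist addresses are the placeholders quoted above; the domainlist values, the ACL name and the refusal text are assumptions, and a working `begin authenticators` section is assumed to exist elsewhere in the configuration.

```conf
# --- main configuration section ---
# Assumed domain lists (the stock Exim configuration defines the same names).
domainlist local_domains    = domain.com
domainlist relay_to_domains =

# (a) The trusted spam filter / MX hosts; placeholder addresses from the thread.
hostlist   my_mx_provider   = 1.2.3.4 : 1.2.3.5

# Run this ACL for every RCPT command.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Locally submitted SMTP (not over TCP/IP) has an empty sending host.
  accept hosts         = :

  # (b) Any session that completed SMTP AUTH may send to local users
  #     and relay out to the Internet, from any source address.
  accept authenticated = *

  # (a) The filtering MX may deliver, but only to domains handled here,
  #     so it cannot be used as a general relay.
  accept hosts         = +my_mx_provider
         domains       = +local_domains : +relay_to_domains

  # Everything else, including direct connections that bypass the MX,
  # is refused at RCPT time.
  deny   message       = direct delivery refused: use the published MX or authenticate
```

Statement order matters: the first matching `accept` ends the ACL, so the final `deny` is reached only by unauthenticated hosts outside `my_mx_provider`. Each path can be checked without sending mail by running `exim -bh <ip-address>` and typing the SMTP dialogue by hand.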