009/1/2 Frank DeChellis <frankd@???>:
>
> Can anybody offer me a quick set of rules that would compare the ip source
> of an email listed in local_domains vs the Ips in relay_from_hosts? This is
> for mail coming in from outside?
>
> Sort of this line of thinking:
> 1. Is the domain of the email listed in local_domains?
> 2. Yes? Ok, is the source IP listed in relay_from_hosts?
> 3. Yes? Move one
> 4. No? Reject it.
Logic looks good. Bear in mind you'll probably have a few false
positives - mail sent from some websites deliberately 'forges' the
sender address (probably bad practice, but it might be important to
you), and road-warrior mail sent from an external source to local
addresses with local sender address.
>
> I'm trying to stop the avalanche of emails pretending to come from our
> system that are avoiding or spam filter.
>
> I'm thinking it goes under acl_smtp_data
>
> deny message = local domain sent from illegal host
> sender_domains = +sender_domains
> hosts = !+relay_from_hosts
>
> Am I on the right track?
Definitely. I'd put it in the RCPT ACL to deny the mail as early as
possible. Oh, and calling the domainlist '+sender_domains' is either
confusing, illegal or both, not sure which.
Peter
--
Peter Bowyer
Email: peter@???
Follow me on Twitter: twitter.com/peeebeee
