- header rules? If using declude you have more power.
  Sender-IP = (local ips): moveto mailbox=main
  Otherwise moveto mailbox=NUL
  Not sure if you can detect for smtp auth though.. Or even www.
   I don't like rules for this... Prefer to just block them at the
firewall (reduce the load on your mailbox!)

- Add a 2nd IP to Imail. Host all non-filtered domains on the current
IP, move all filtered domains to the new ip in DNS. Block the new imail
ip/25 in the firewall

- Block all 25 to imail, send all domains to imgate.
  If you have clients that smtpauth, set up SASL in postfix and export
imail user/pass lists
  smtpd_recipient_restrictions =
   permit_mynetworks,
   reject_unauth_destination,
   check_recipient_access hash:/etc/postfix/skip_domains.map,
    ... Imgate restrictions.

Skip_domains.map would contain
Unfiltered-domain.com OK

Depending on how your virus scanning is set up you can probably set up
a way to skip it as well.





-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Mitch Planck
Sent: Wednesday, June 23, 2004 10:18 AM
To: '[EMAIL PROTECTED]'
Subject: [IMGate] imgate/imail blocking

I've got a good working imgate/imail (8.05) setup that we use for
clients and I've been happy with it except I've recently started having
a problem that I'm trying to figure out.

We charge extra for mail to route through the imgate server with the
spam/virus scanning so many of our email domains don't use that service.
What I've started seeing recently is spammers using the A record to send
mail to instead of the MX record thereby bypassing the scanning process.
The A record will be mail.domain.com and the MX will be imgate.ias.net.
I can't block the A record on the firewall since we use virtual IP
addresses on the imail server and all our domains on that server use the
same IP address.

I'm trying to come up with a way to use the inbound rules on imail to
block but I haven't been able to come up with a rule that works. If I
just block if imgate.ias.net is not in the header then mail from
[EMAIL PROTECTED] to [EMAIL PROTECTED] on the server gets
blocked, therefore the rule has to include an exception for that
circumstance. If I put in from address that doesn't work because that is
so easily spoofed.

Can anyone think of a rule that might be a little more secure or another
method entirely that might work?

Thanks in advance,
Mitch Planck
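
An added example, not part of the original thread: a Python model of the acceptance policy the thread discusses, keyed on the connecting IP and the recipient domain instead of headers or From addresses, which the sender controls. All addresses, domains and the `authenticated` flag are constructed assumptions.

```python
import ipaddress

# Constructed values (documentation IP ranges, example domains).
GATEWAY_IPS = {ipaddress.ip_address("192.0.2.10")}      # the IMGate relay
LOCAL_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # local users / webmail
FILTERED_DOMAINS = {"filtered-domain.example"}          # domains paying for scanning


def classify_source(client_ip):
    """Classify the TCP peer; this cannot be forged the way a header can."""
    ip = ipaddress.ip_address(client_ip)
    if ip in GATEWAY_IPS:
        return "gateway"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "direct"


def decide(client_ip, rcpt, authenticated=False):
    """Return (action, reason) for one delivery attempt to the mailbox server."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain not in FILTERED_DOMAINS:
        return ("accept", "unfiltered domain")   # same role as skip_domains.map
    source = classify_source(client_ip)
    if source in ("gateway", "local"):
        return ("accept", source)
    if authenticated:                            # hypothetical SMTP AUTH signal
        return ("accept", "smtp auth")
    return ("reject", "direct delivery bypassed the MX")


def bypass_attempts(attempts):
    """Return the attempts that reached a filtered domain without the gateway."""
    return [a for a in attempts if decide(*a)[0] == "reject"]


# Constructed sample: (connecting IP, recipient, authenticated)
SAMPLE = [
    ("192.0.2.10", "user@filtered-domain.example", False),      # via gateway
    ("198.51.100.23", "user@filtered-domain.example", False),   # local user
    ("203.0.113.7", "user@filtered-domain.example", False),     # A-record bypass
    ("203.0.113.7", "user@unfiltered-domain.example", False),   # not filtered
    ("203.0.113.9", "user@Filtered-Domain.example", True),      # roaming, authed
]

if __name__ == "__main__":
    for attempt in bypass_attempts(SAMPLE):
        print("would reject:", attempt)
```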

