- header rules? If using declude you have more power.

    Sender-IP = (local ips): moveto mailbox=main
    Otherwise moveto mailbox=NUL

  Not sure if you can detect for smtp auth though.. Or even www.
  I don't like rules for this... Prefer to just block them at the firewall (reduce the load on your mailbox!)
- Add a 2nd IP to Imail. Host all non-filtered domains on the current IP, move all filtered domains to the new ip in DNS. Block the new imail ip/25 in the firewall
- Block all 25 to imail, send all domains to imgate. If you have clients that smtpauth, set up SASL in postfix and export imail user/pass lists

    smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        hash:/etc/postfix/skip_domains.map,
        ... Imgate restrictions.

  Skip_domains.map would contain

    Unfiltered-domain.com OK

Depending on how your virus scanning is set up you can probably set up a way to skip it as well.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mitch Planck
Sent: Wednesday, June 23, 2004 10:18 AM
To: '[EMAIL PROTECTED]'
Subject: [IMGate] imgate/imail blocking

I've got a good working imgate/imail (8.05) setup that we use for clients and I've been happy with it except I've recently started having a problem that I'm trying to figure out.

We charge extra for mail to route through the imgate server with the spam/virus scanning so many of our email domains don't use that service. What I've started seeing recently is spammers using the A record to send mail to instead of the MX record thereby bypassing the scanning process. The A record will be mail.domain.com and the MX will be imgate.ias.net. I can't block the A record on the firewall since we use virtual IP addresses on the imail server and all our domains on that server use the same IP address.

I'm trying to come up with a way to use the inbound rules on imail to block but I haven't been able to come up with a rule that works. If I just block if imgate.ias.net is not in the header then mail from [EMAIL PROTECTED] to [EMAIL PROTECTED] on the server gets blocked, therefore the rule has to include an exception for that circumstance. If I put in from address that doesn't work because that is so easily spoofed.
Can anyone think of a rule that might be a little more secure or another method entirely that might work?

Thanks in advance,
Mitch Planck
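
Added example, not part of either message in this thread: a Python sketch of the sender-IP idea discussed above, classifying a delivered message by the connecting peer stamped in the topmost Received header rather than by the From address or by a gateway name appearing anywhere in the headers. The IP addresses, the bracketed-peer header layout, and the names `classify` and `_msg` are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Assumed addresses (documentation ranges, not from the thread).
GATEWAY_IPS = {ipaddress.ip_address("192.0.2.10")}      # the IMGate relay
LOCAL_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # local clients, webmail
PEER_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # "[a.b.c.d]" peer stamp

def classify(raw_message: str) -> str:
    """Return 'via-gateway', 'local' or 'bypass' for one delivered message."""
    received = email.message_from_string(raw_message).get_all("Received") or []
    # Only the topmost Received header is written by our own server; the
    # ones below it arrive with the message and can be forged by the sender.
    match = PEER_RE.search(received[0]) if received else None
    if match is None:
        return "bypass"
    try:
        peer = ipaddress.ip_address(match.group(1))
    except ValueError:  # e.g. "[999.1.1.1]"
        return "bypass"
    if peer in GATEWAY_IPS:
        return "via-gateway"
    if any(peer in net for net in LOCAL_NETS):
        return "local"
    return "bypass"

def _msg(*received: str) -> str:
    """Build a constructed sample message with the given Received headers."""
    headers = [f"Received: {r}" for r in received]
    headers += ["From: a@example.net", "To: b@example.com", "Subject: test"]
    return "\n".join(headers) + "\n\nbody\n"

# Constructed samples; the header layout is an assumption.
VIA_GATEWAY = _msg("from imgate.example.com [192.0.2.10] by mail.example.com",
                   "from sender.example.net [203.0.113.5] by imgate.example.com")
LOCAL = _msg("from desktop [198.51.100.23] by mail.example.com")
# Delivered straight to the A record, with a forged gateway hop underneath.
DIRECT = _msg("from sender.example.net [203.0.113.77] by mail.example.com",
              "from imgate.example.com [192.0.2.10] by relay.invalid")

if __name__ == "__main__":
    for name, raw in (("gateway", VIA_GATEWAY), ("local", LOCAL), ("direct", DIRECT)):
        print(name, classify(raw))
```

The third sample is the case a "gateway name anywhere in the headers" rule would wrongly accept.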