Ricardo Kleemann writes:
Hi Sam,Thank you for your reply.Actually what I'm trying to do is have one of the domains point the MX directly to the "real" server (so that it bypasses the "proxy" server -- it's actually an anti-spam server). The other domains the MX points to the anti- spam server.
Well, if that's the only domain with an MX to this server, then it shouldn't get any mail for any other domain, except the mail you're manually esmtprouting from your proxy server.
If your objective is to prevent hostile senders from sending mail directly to your real server, then how exactly do you expect any such hostile party to arrive at the conclusion that the one IP address out of 3+ billion is the real mail server for a particular domain. Your public MX record for the domains in question point to your proxy server. The fact that the public MX for your domains points to a server that internally forwards all mail for that domain somewhere else, is not something that would be publicly known.
Only users of your real server would have that knowledge; and perhaps anyone that looks at the full headers of mail received by any user on that domain. I'm not sure you really have much to worry about, here.
Now, I think you might be able to cobble together a custom script using the perlfilter API. A perlfilter has access to the contents of the received message, include the Received: header, from which the sending IP address can be retrieved. The perlfilter would also have the access to the control file, which lists the message's recipients. It could use that knowledge to look at a mail's recipients and the IP address it came from, and figure out if it wants to reject it. Note that it would also be looking at non-SMTP mail too, mail originating from the server submitted locally.
You might want to look at this approach.
pgpsajB8JXnfo.pgp
Description: PGP signature
------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
