Jakob Hirsch wrote:
> Quoting Odhiambo G. Washington:
>
> >>| them by SMTP AUTH or fixed IPs. That should give you the facility to
>>Yes and yes. I already do that. However, it has not stopped spammers
>>from connecting to it, which is why I am looking at this other option.

Well .. two things;

- By itself, it doesn't stop a 'connect', but with other Exim settings it sure can shed that connect in a hurry - and with very little resource load. So say *my* logs anyway.

- if you close or firewall port 25, or switch to port 24 (any private e-mail system) so that your appropriately-configured 'listed' mx can send you internal messages, spammers generally WON'T be able to connect to the stealth MSA box.

>
> Ok, but what's the big deal about them connecting to your server? Are
> they so many that you have excessive load or something?
>
> I think there's no reliable way to do what you want without client side
> changes. If the latter would be ok, though, a good way is WB's
> suggestion: Only allow incoming connections to 587 (and 465/smtps for
> the u$ clients) and block people which are not trusted (IP) or
> authenticated at MAIL FROM or RCPT TO.
>

MUA's should not be connecting on port 25 anyway.

Setting them to use the submission port(s) has the added advantage of an improved environment for whatever percentage of your users travel outside of Kenya and/or have a Kenyan/other ISP or firewall blocking port 25.

'Trusted IP' for MUA should follow the same rule - use submission port(s).

'Trusted IP' for peer MX can be whitelisted or set up with a firewall divert rule if not "trusted-enough" to be in relay host status.

And I do still believe that 'outbound' from this box should be relayed via your 'listed' mx so the IP and HELO match and are forward/reverse resolvable in an available DNS.

If you think that does not matter, try sending me a message off-list from that box. Tell me on-list the time you did so, 'coz it won't reach delivery stage. I'll have to look in the logs for the 'blackhole' entry.

Bite the bullet. Roll-out proper MUA settings, then configure to the standards. That might take months to finish, but once done, it is done.

Configure a weird stealth MX, OTOH, and you are 'married' to it for life.
HTH,

Bill
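
One way to express the policy discussed in this message (MUAs on 587/465 only, clients that are neither authenticated nor on a trusted IP refused at MAIL FROM, port 25 left for MX traffic) as an Exim configuration fragment. This is an added example, not part of the original post; the hostlist contents, the 192.0.2.0/24 range and the ACL names are placeholders to be merged into an existing configuration.

```exim
# Added example; list contents and ACL names are placeholders.

# --- main configuration section ---
domainlist local_domains     = @
hostlist   trusted_mua_hosts = 192.0.2.0/24     # placeholder: fixed client IPs

daemon_smtp_ports    = 25 : 587 : 465
tls_on_connect_ports = 465

# Offer AUTH only on the submission ports, never on port 25.
auth_advertise_hosts = ${if eq{$received_port}{25}{}{*}}

acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_mail:
  # Submission ports: refuse at MAIL FROM unless the client has
  # authenticated or connects from a trusted IP.
  deny    message        = Authentication required on the submission port
          condition      = ${if or{{eq{$received_port}{587}}{eq{$received_port}{465}}}}
          !authenticated = *
          !hosts         = +trusted_mua_hosts
  accept

acl_check_rcpt:
  # Port 25 carries MX traffic only: local recipients, no relaying,
  # regardless of who is connecting.
  deny    message   = Relaying not permitted on port 25; use port 587
          condition = ${if eq{$received_port}{25}}
          !domains  = +local_domains

  # Anything that passed acl_check_mail on 587/465 may relay.
  accept  condition = ${if or{{eq{$received_port}{587}}{eq{$received_port}{465}}}}

  # Port 25 with a local recipient: normal recipient checks would go here.
  accept  domains   = +local_domains

  deny    message   = Relay not permitted
```

With this in place, a connection on port 25 that tries to relay is shed at RCPT TO, and the log line carries the port-specific message, which makes the rejected attempts easy to count.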
