On Tue, Oct 7, 2008 at 6:46 AM, Exim List <[EMAIL PROTECTED]> wrote:

> We have a machine with several domains. The MX record for these domains
> is pointed to a spam filter appliance.
>
> Alas, spammers don't play fair. They choose to connect directly to the
> IP address(es) of the domains on the box and still send their spam that
> way.

You lost me there... if the MX records are the spam filter appliances, how did they get the IP addresses of the actual smtp servers?

> While a firewall solution might seem the logical choice, it isn't here.
> The reason is that the users in each domain need to be able to see
> mail.abc.com or mail.xyz.com as their outgoing SMTP server which they
> relay through via SMTP auth.

And why would a firewall stop that from happening? Unless I don't quite get what you are saying, a firewall should work, depending of course on how you set it up.

> So, I need to know how to disable the ability to receive mail for local
> domains EXCEPT from a trusted source (the spam appliance box).

I would assume that the smtp servers receive/send email from the spam filtering machines! If this is the case, then allow only the spam filtering devices to send emails to your smtp servers.

> Further,
> I need to allow SMTP AUTH clients to relay mail through their respective
> domains.

I don't quite get 'relay mails through their respective domains'.

> A firewall simply shuts off all SMTP traffic including SMTP auth unless
> I know all the "trusted sources" which is basically moot given roaming
> customers.

Then you are not configuring your firewall well... open the respective ports required for mail. But this won't solve your problem.

> How can this be done?
>
> Also, it would be preferable to be able to do this on a domain by domain
> basis rather than server wide. If it can't be done that way, server
> wide is still better than what we have now.

You may need to look at your design again. It sounds more like a design flaw than a configuration problem. When you get the design figured out and one that works well for what you want to do, the configuration falls into place pretty fast.

Regards,

-- 
Mike

Of course, you might discount this possibility, but remember that one in a million chances happen 99% of the time.
------------------------------------------------------------
-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
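
The policy asked about in this thread (accept mail for local domains only from the filtering appliance, still let SMTP AUTH clients relay, and switch the restriction on per domain), sketched as an Exim configuration fragment. This is an added example, not configuration posted by anyone in the thread; the appliance address 192.0.2.25, the list names `filter_hosts` and `filtered_domains`, and the file path are assumptions.

```exim
# --- main configuration section ---
# Assumed address of the spam filter appliance (placeholder from 192.0.2.0/24).
hostlist   filter_hosts     = 192.0.2.25

# Domains this server is the final destination for (names taken from the thread).
domainlist local_domains    = abc.com : xyz.com

# Per-domain switch: only domains listed one per line in this file are
# restricted to appliance-only delivery. The path is an assumption.
domainlist filtered_domains = lsearch;/etc/exim/filtered_domains

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Roaming customers who completed SMTP AUTH may relay to any recipient,
  # whatever address they connect from.
  accept  authenticated = *

  # Unauthenticated delivery to a restricted domain is refused unless the
  # connection comes from the appliance, which closes the direct-to-IP path.
  deny    domains       = +filtered_domains
          !hosts        = +filter_hosts
          message       = Mail for $domain is only accepted via its MX

  # Remaining local-domain mail: from the appliance, or for domains that
  # have not been switched to appliance-only delivery.
  accept  domains       = +local_domains

  # Everything else is an unauthenticated relay attempt.
  deny    message       = relay not permitted
```

The order of the statements matters: the `authenticated` check comes first so that customers are never caught by the appliance-only rule. The host list must contain the address the appliance actually delivers from, which may differ from the address its MX record resolves to.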
