Mike Barnard wrote:
> On Tue, Oct 7, 2008 at 6:46 AM, Exim List <[EMAIL PROTECTED]> wrote:
>
>   
>> We have a machine with several domains.  The MX record for these domains
>> is pointed to a spam filter appliance.
>>
>> Alas, spammers don't play fair.  They choose to connect directly to the
>> IP address(es) of the domains on the box and still send their spam that
>> way.
>>
>>     
>
> you lost me there.... if the MX records are the spam filter
> appliances... how did they get the IP addresses of the actual smtp
> servers...
>   
We migrated these domains to our server from an acquisition.  I'm 
presuming that many spammers look for mail.domain.com as a valid 
hostname anyway -- even without previous history of sending to that 
address.  In this case, the mail.domain.com was the MX for many of these 
domains so they already have the history of sending to mail.domain.com.

So, us changing the MX record to a separate filtering appliance doesn't 
force a spammer to use that appliance.  They simply continue to send to 
mail.domain.com instead.  We want to prevent that by disallowing SMTP 
traffic except from the trusted spam filter source and from any SMTP 
AUTH clients in the field.

>> While a firewall solution might seem the logical choice, it isn't here.
>>  The reason is that the users in each domain need to be able to see
>> mail.abc.com or mail.xyz.com as their outgoing SMTP server which they
>> relay through via SMTP auth.
>>
> and why would a firewall stop that from happening? unless I don't quite get
> what you are saying, a firewall should work, depending of course on how you
> set it up
>
A firewall can (a) stop all mail or (b) allow trusted hosts or (c) allow 
all mail.

A firewall, to my knowledge, doesn't have the capacity to understand 
SMTP AUTH.  If I'm wrong, enlighten me.

I need a solution which will stop all mail to the host mail.domain.com 
EXCEPT for (a) the trusted spam filter host and (b) anyone who 
authenticates against the domain using SMTP AUTH.  They should be 
allowed to relay through their SMTP server or send mail to other users 
on the domain.

>> So, I need to know how to disable the ability to receive mail for local
>> domains EXCEPT from a trusted source (the spam appliance box).
>>     
>
>
> I would assume that the smtp servers receive/send email from the spam
> filtering machines! If this is the case, then allow only the spam filtering
> devices to send emails to your smtp servers
>   
As noted above, this prevents the users on the domain from using their 
default SMTP server:  mail.domain.com.

>> Further, I need to allow SMTP AUTH clients to relay mail through their
>> respective domains.
>>
>>     
>
> I don't quite get 'relay mails through their respective domains'
>
>   
Hopefully I've cleared that up above, but to reiterate:  [EMAIL PROTECTED] 
was told to utilize mail.domain.com as the POP3 and SMTP server.  They 
have to be able to relay through their SMTP server using SMTP AUTH.

>> A firewall simply shuts off all SMTP traffic including SMTP auth unless
>> I know all the "trusted sources" which is basically moot given roaming
>> customers.
>>
>>     
>
> Then you are not configuring your firewall well...open the respective ports
> required for mail. But this won't solve your problem.
>   
As noted above, it's not a firewall configuration issue.  Obviously I 
can open port 25, and I can open port 25 only to a trusted host.  But I 
need to FURTHER allow port 25 for SMTP AUTH clients.

>> How can this be done?
>>     
So the question remains:  how can this be done?


Thanks for any practical help anyone can offer.



-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
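
The policy requested in the message above (accept mail only from the trusted filter host or from SMTP AUTH clients) can be expressed as an Exim RCPT ACL, because the decision is made after the client has had the chance to authenticate, which a port-level firewall rule cannot see. This is an added example, not configuration posted in the thread. It assumes a working authenticators section and the stock `local_domains` domainlist already exist; the hostlist name `spam_filter_hosts` and the address 192.0.2.10 are constructed placeholders.

```exim
# --- main configuration section ---

# Constructed placeholder: address of the spam filter appliance.
hostlist spam_filter_hosts = 192.0.2.10

# Run the ACL below for every RCPT TO command.
acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:

  # (b) Clients that completed SMTP AUTH may send to local users
  #     or relay to other domains through mail.domain.com.
  accept  authenticated = *
          control       = submission

  # (a) The appliance may hand over mail, but only for domains
  #     hosted on this machine (it is not an open relay path).
  accept  hosts         = +spam_filter_hosts
          domains       = +local_domains

  # Everything else, including direct-to-IP delivery that
  # bypasses the MX, is refused at RCPT time.
  deny    message       = Direct delivery is not accepted here; use the published MX
```

Port 25 stays open at the firewall; unauthenticated hosts other than the appliance get a 5xx response to every RCPT.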
