Re: Exim accepting mail from specific hosts

To: Adam Dawes <adawes@clandestino.com>
Cc: debian-isp@lists.debian.org
Subject: Re: Exim accepting mail from specific hosts
From: Dave Watkins <debianisp@snorks.dyndns.org>
Date: Fri, 19 Dec 2003 17:55:59 +1300
Message-id: <[🔎] 3FE284DF.2090804@snorks.dyndns.org>
In-reply-to: <[🔎] 3FE21287.3020800@clandestino.com>
References: <[🔎] 3FE0FE13.7060304@clandestino.com> <[🔎] 3FE13C59.6090002@snorks.dyndns.org> <[🔎] 3FE21287.3020800@clandestino.com>

Adam Dawes wrote:

Yes, that was part of the plan, to point my mx records to my provider.Therefore, any connections to my port 25 should be from only folks thatare port scanning (sounds like a spammer to me). Think this is best doneas a firewall issue or via David's host_reject option?
thanks,
Adam

Dave Watkins wrote:
Configuring Exim to do this would seem like a bad idea, in that yourmachine then has to accept a connection to determine if you do in facteven want to accept the mail. Ideally you would get the MX record foryour domain pointing to your providers mail server (with perhaps abackup MX pointing to yours. That way under normal conditions mailwill be routed through your providers mail servers unless they aredown, and if they are down it will be routed to you. This willprobably require some configuration changes on your providers serversbut nothing major (just a routing line in a config file).
The other option would be to firewall off port 25 for inbound trafficunless it came from your providers mail server, although this is muchless elegant
Dave

Depends on what logging you want (or more precisly where you want itlogged) and the load you can handle. Also perhaps how often and how manyother connections you will want to allow (if any).

If you want to log all the failed connections and don't want another logto go through to see who's trying to connect then obviously letting eximdo it would be preferable, this is assuming your machine can handle theload of spawning exim processes for no real purpose other than loggingbut I don't think that would be a problem. This would also be better ifyou want to allow some server(s) to connect directly otherwise you willhave to maintain firewall setup that will get more and more complicatedas the number of allowed hosts increases.

If you're not concerned about logging or are happy to log to anotherfile, and you won't be recieving mail from anyone other than this singlehost then a firewall would probably be the better option.


Dave

Adam Dawes wrote:
Hi,
I've implemented a spam service where a provider is filtering all mydomain's mail before it hits my server. I want to lock down my mailserver so it only accepts mail from those machines to preventspammers from mailing directly to my host and doing directory harvests.
What do I need to stick in my exim.conf to accept mail from justthose hosts that will be processing my mail?
thanks,
Adam

Reply to:

References:
- Exim accepting mail from specific hosts
  - From: Adam Dawes <adawes@clandestino.com>
- Re: Exim accepting mail from specific hosts
  - From: Dave Watkins <debianisp@snorks.dyndns.org>
- Re: Exim accepting mail from specific hosts
  - From: Adam Dawes <adawes@clandestino.com>

Prev by Date: Re: Exim accepting mail from specific hosts
Next by Date: shopping cart software for woody
Previous by thread: Re: Exim accepting mail from specific hosts
Next by thread: Re: Exim accepting mail from specific hosts
Index(es):
- Date
- Thread