Lloyd Zusman wrote:
Jay Lee <jlee <at> pbu.edu> writes:
Lloyd Zusman wrote:
[ ... ]
I'd like to be able to tell courier that this small handful of
internally known domain names from work be treated as being legal, even
though the DNS test fails for them in the "outside world" ... and that
all other mail from illegal domains still gets rejected.
What DNS is the Courier Server using? If it's under your control you
could make the domain names legal by setting up DNS zones for the
illegal domains. If you're not already using your own DNS server,
install BIND on your Courier server and have the server use itself for
DNS lookups (BIND itself can forward most lookups to your ISP or
whoever's DNS servers while responding authoritatively for the "illegal"
domains). If you go this route, I recommend using something like
webmin (http://www.webmin.com) to configure BIND, makes it a lot easier.
Another possibility is getting the Courier server to use the same DNS
servers your internal work network uses that has details about the
illegal domains.
Jay
Thanks for your reply. I run my own dns service (tinydns), and I know
that I can put some bogus entries in my database for these domain names.
I was just wondering if there is a courier-only way of doing this.
The dns entries would have to be bogus, by the way, because there is no
way for anyone to access that company's internal dns from outside of their
firewall ... and rightfully so.
Hmm ... I thought of a way that I might be able to do this in courier:
I'm already using SPF, and I'm telling courier not to reject the mail when
SPF checks fail, but rather, to just have courier write the SPF-Received
headers, which I then check in some home-grown courierfilter modules. I
decide at that point whether to accept or reject the email.
What I might be able to do is to turn off BOFHCHECKDNS, and then within
my home-grown courierfilter, I can reject all sender domains which fail
SPF's dns check ... except that handful of internal domains from work.
The SPF change sounds overly complicated and it means your mailserver
will be accepting invalid mail in these cases. I wouldn't recommend it.
If you know the IP Addresses of the servers that are sending the invalid
email you may be able to use smtpaccess to turn off the dns checks for
these addresses:
x.x.x.x allow,BOFHCHECKDNS=0
Try that and see if it works.
Jay
--
Jay Lee
Network / Systems Administrator
Information Technology Dept.
Philadelphia Biblical University
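
An added example, not part of the thread and not Courier's own code: a small audit of smtpaccess-style entries that lists which addresses have the DNS check switched off and flags setting names that are near-miss spellings of BOFHCHECKDNS. It assumes the line layout shown in the message above (address, whitespace, comma-separated settings); the sample entries and addresses are constructed.

```python
import difflib

# Constructed sample in the layout shown in the post: address prefix, whitespace,
# then comma-separated settings. The addresses are documentation ranges.
SAMPLE = """\
# constructed smtpaccess entries
192.0.2.10\tallow,BOFHCHECKDNS=0
198.51.100\tallow,BOFCHECKDNS=0
203.0.113.7\tallow,RELAYCLIENT
"""

SETTING = "BOFHCHECKDNS"

def parse_line(line):
    """Return (address, {name: value}) or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split(None, 1)
    address = parts[0]
    settings = {}
    for item in (parts[1] if len(parts) > 1 else "").split(","):
        item = item.strip()
        if item:
            name, _, value = item.partition("=")
            settings[name] = value
    return address, settings

def audit(text):
    """List addresses exempt from the DNS check and likely misspellings of it."""
    exempt, suspect = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        address, settings = parsed
        for name, value in settings.items():
            if name == SETTING:
                if value == "0":
                    exempt.append(address)
            elif difflib.get_close_matches(name, [SETTING], n=1, cutoff=0.85):
                suspect.append((lineno, address, name))
    return exempt, suspect

if __name__ == "__main__":
    exempt, suspect = audit(SAMPLE)
    print("DNS check disabled for:", exempt)
    for lineno, address, name in suspect:
        print(f"line {lineno}: {address}: {name!r} is not {SETTING}")
```

Reviewing the exempt list periodically keeps the set of senders that bypass the DNS check limited to the intended handful of addresses.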