[xmail] SMTP-Relaying only from Authorized Destinations?
Hello List, because of the amount of Virus-Emails we are facing a major problem now. First let me explain our current MX-Constellation: - Mail for exmaple.com has MX-Entries to mx.waaf.net - mx.waaf.net are several machines running postfix/virusscanner - if the email passes all tests it is delivered to the final destination machine running xmail - [EMAIL PROTECTED] also sent email through this xmail-box. Now there are more and more viruses that don't care about MX-Records and drectly try to deliver mail for [EMAIL PROTECTED] to mail.exmaple.com. Mail.example.com resolves to the xmail-box. My solution to get rid of this non-filtered Virus-Emails is to only allow SMTP-connections to the xmail-box from our subnets, where the mx.waaf.net machines are located _AND_ from authorized IP-adresses (SMTP-AUTH, POP-before-SMTP). I just tried to use smtp.ipmap.tab - but with the result that only the mentioned subnets where allowed to relay and authoriezed IP-adresses where denied. Does anybody have a hint? Thanks a lot, Achim - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SMTP-Relaying only from Authorized Destinations?
On Tuesday 06 December 2005 09:54, Achim Schmidt wrote: > Hello List, > > because of the amount of Virus-Emails we are facing a major problem now. > First let me explain our current MX-Constellation: > > - Mail for exmaple.com has MX-Entries to mx.waaf.net > - mx.waaf.net are several machines running postfix/virusscanner > - if the email passes all tests it is delivered to the final destination > machine running xmail > - [EMAIL PROTECTED] also sent email through this xmail-box. > > Now there are more and more viruses that don't care about MX-Records and > drectly try to deliver mail for [EMAIL PROTECTED] to mail.exmaple.com. > Mail.example.com resolves to the xmail-box. > > > My solution to get rid of this non-filtered Virus-Emails is to only > allow SMTP-connections to the xmail-box from our subnets, where the > mx.waaf.net machines are located _AND_ from authorized IP-adresses > (SMTP-AUTH, POP-before-SMTP). > > I just tried to use smtp.ipmap.tab - but with the result that only the > mentioned subnets where allowed to relay and authoriezed IP-adresses > where denied. I don't have an XMail solution to your problem, but if it were up to me I would prefer to handle this with DNS or firewall changes anyway. Idea 1 - Delete the "mail" CNAME (or change the host name and A record) for the example.com server. Assign a less obvious name like smtp42 and have the authorized clients use the smtp42 alias. Idea 2 - Adjust the firewall rules on mail.example.com to only allow port 25 connection from the authorized IPs and reject everything else. Idea 3 - If your server supports it, use DNAT on mail.example.com to forward port 25 traffic to mx.waaf.net. Jeff - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SMTP-Relaying only from Authorized Destinations?
As smtp-imap.tab takes precedence, you can't use it First possible solution : Use server.tab "SmtpConfig" variable setting it to "mail-auth" and ask your mx servers to use authentication too to send to the xmail box Second possible solution : Create a filter.pre-data type filter that test (pseudo-language ...) : if "@@REMOTEADDR" IS OK (compare to a list of ips) Accept; else Reject; and in the filter.pre-data.tab file put a line like : "!eax"[TAB]"myfiltercommand"[TAB]"@@REMOTEADDR"[NEWLINE] (bypass filter if authenticated) The filter can be a simple shell script ... Francis > -Message d'origine- > De : Achim Schmidt [mailto:[EMAIL PROTECTED] > Envoyé : mardi 6 décembre 2005 15:55 > À : xmail@xmailserver.org > Objet : [xmail] SMTP-Relaying only from Authorized Destinations? > > > > > Hello List, > > because of the amount of Virus-Emails we are facing a major > problem now. > First let me explain our current MX-Constellation: > > - Mail for exmaple.com has MX-Entries to mx.waaf.net > - mx.waaf.net are several machines running postfix/virusscanner > - if the email passes all tests it is delivered to the final > destination > machine running xmail > - [EMAIL PROTECTED] also sent email through this xmail-box. > > Now there are more and more viruses that don't care about > MX-Records and > drectly try to deliver mail for [EMAIL PROTECTED] to mail.exmaple.com. > Mail.example.com resolves to the xmail-box. > > > My solution to get rid of this non-filtered Virus-Emails is to only > allow SMTP-connections to the xmail-box from our subnets, where the > mx.waaf.net machines are located _AND_ from authorized IP-adresses > (SMTP-AUTH, POP-before-SMTP). > > I just tried to use smtp.ipmap.tab - but with the result that only the > mentioned subnets where allowed to relay and authoriezed IP-adresses > where denied. > > Does anybody have a hint? > > > Thanks a lot, > > Achim > > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SMTP-Relaying only from Authorized Destinations?
Did you make sure to set the first line of your smtp.ipmap.tab files to: "0.0.0.0" [tab] "0.0.0.0" [tab] "DENY" [tab] "1" -Mike - Original Message - From: "Achim Schmidt" <[EMAIL PROTECTED]> To: Sent: Tuesday, December 06, 2005 6:54 AM Subject: [xmail] SMTP-Relaying only from Authorized Destinations? Hello List, because of the amount of Virus-Emails we are facing a major problem now. First let me explain our current MX-Constellation: - Mail for exmaple.com has MX-Entries to mx.waaf.net - mx.waaf.net are several machines running postfix/virusscanner - if the email passes all tests it is delivered to the final destination machine running xmail - [EMAIL PROTECTED] also sent email through this xmail-box. Now there are more and more viruses that don't care about MX-Records and drectly try to deliver mail for [EMAIL PROTECTED] to mail.exmaple.com. Mail.example.com resolves to the xmail-box. My solution to get rid of this non-filtered Virus-Emails is to only allow SMTP-connections to the xmail-box from our subnets, where the mx.waaf.net machines are located _AND_ from authorized IP-adresses (SMTP-AUTH, POP-before-SMTP). I just tried to use smtp.ipmap.tab - but with the result that only the mentioned subnets where allowed to relay and authoriezed IP-adresses where denied. Does anybody have a hint? Thanks a lot, Achim - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SMTP-Relaying only from Authorized Destinations?
The "mail-auth" setting in server.tab may be what you're after, but I don't know if it overrides smtprelay.tab or not. -John Achim Schmidt wrote: >Hello List, > >because of the amount of Virus-Emails we are facing a major problem now. >First let me explain our current MX-Constellation: > >- Mail for exmaple.com has MX-Entries to mx.waaf.net >- mx.waaf.net are several machines running postfix/virusscanner >- if the email passes all tests it is delivered to the final destination >machine running xmail >- [EMAIL PROTECTED] also sent email through this xmail-box. > >Now there are more and more viruses that don't care about MX-Records and >drectly try to deliver mail for [EMAIL PROTECTED] to mail.exmaple.com. >Mail.example.com resolves to the xmail-box. > > >My solution to get rid of this non-filtered Virus-Emails is to only >allow SMTP-connections to the xmail-box from our subnets, where the >mx.waaf.net machines are located _AND_ from authorized IP-adresses >(SMTP-AUTH, POP-before-SMTP). > >I just tried to use smtp.ipmap.tab - but with the result that only the >mentioned subnets where allowed to relay and authoriezed IP-adresses >where denied. > >Does anybody have a hint? > > >Thanks a lot, > >Achim > >- >To unsubscribe from this list: send the line "unsubscribe xmail" in >the body of a message to [EMAIL PROTECTED] >For general help: send the line "help" in the body of a message to >[EMAIL PROTECTED] > > > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
