block incoming mail in exim for specific domains except from 1 ip

Discussion in 'E-mail Discussions' started by hostmedic, Feb 22, 2009.

  1. hostmedic

    hostmedic Well-Known Member

    Joined:
    Apr 30, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider
    Greetings friends:

    After a nice long search - both here and some other forums - I am just not sure of the fix - so figured I would come here and ask...

    We are now providing an Anti-Spam appliance above our shared servers.
    For clients that purchase this service - we want to do the following:

    1. Change the client's MX record to use the anti-spam appliance (easy enough)
    2. Block all incoming mail that comes direct to the server unless it is within an IP range and/also the anti-spam appliance.

    The trick of just blocking port 25 will not work - because the mail server will be used by other domains that are not subscribing to the anti-spam service.
     
  2. hostmedic

    firewall worked

    funny - found this old posting.
    A simple firewall setting worked just fine.
     
  3. chuza

    chuza Well-Known Member

    Joined:
    Jul 4, 2008
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    What's the exact rule you applied?
     
  4. hostmedic

    depends on what firewall you're using -

    in short - just block all access to port 25
    and then whitelist the ip you want mail from

    That would bypass your firewall setting of course...

    what firewall are you using - be easiest then to tell you the rule


    If iptables this should help



    SMTP is used to send mail. Sendmail & Exim (both on cPanel) use TCP port 25. The following two iptables rules allow incoming SMTP requests on port 25 for server IP address 1.2.3.4 (open port 25):

    In order to block port 25 simply use target REJECT instead of ACCEPT in the above rules.

    And the following two iptables rules allow outgoing SMTP server requests for server IP address 1.2.3.4:


    this should work as well - but just simply blocks completely

    Code:
    # -p tcp is required for --dport; 0.0.0.0/0 matches every source address
    iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 25 -j DROP
     
  5. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    We use an Exim ACL.

    Directly under the line "check_recipient:" in advanced Exim conf...

    Has been working great for a couple of years now. Any host trying to make a direct connection will receive a "550 You may not make direct SMTP connections to this host" and it will be logged in the Exim log file as "untrusted host". It allows authenticated users to relay through and those IPs specified.
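
One way to write the kind of per-domain ACL the post above describes, as an added example that is not 4u123's configuration or part of the original thread. The list names `filtered_domains` and `filter_hosts` are hypothetical, and the domains and addresses are constructed sample values.

```exim
# --- main configuration section (before "begin acl") ---
# Constructed sample values: the domains whose MX points at the
# anti-spam appliance, and the hosts allowed to deliver to them directly.
# 127.0.0.1 is included on the assumption that local software on the
# server submits mail over loopback SMTP.
domainlist filtered_domains = example.com : example.net
hostlist   filter_hosts     = 127.0.0.1 : 192.0.2.10 : 198.51.100.0/28

# --- ACL section, first statement of the RCPT ACL ("check_recipient:") ---
  # Refuse direct delivery to a filtered domain unless the connection
  # comes from a listed host or the client has authenticated.
  # Recipients in any other domain never match the "domains" condition,
  # so the rest of the server keeps accepting mail on port 25.
  deny
    domains        = +filtered_domains
    !hosts         = +filter_hosts
    !authenticated = *
    message        = You may not make direct SMTP connections to this host
    log_message    = untrusted host
```

`exim -bh <address>` runs a simulated SMTP session as if from that source address, which lets you confirm the rule rejects and accepts as intended before live mail reaches it.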
     