Limit incoming email accpected from IP range only

Hi,

I have purchased a hosted SPAM filtering solution. Basically I'm supposed to change my MX record to use their serves only, removing the cPanel server from my DNS zone. This is supposed to force all email to look up the MX for a domain, who will find the filtering solution, to deliver email to. The filtering solution will then deliver the filtered email to my server. The only flaw in this is that some SPAMMERs will will do a port scan or just assume that that the A record for the domain will also accept email form anyone. So they attempt to connect direclty to our server instead of using the MX record in the DNS zone. To stop this I want to have Exim only accept email for delivery from users that have authenticated via POP or the My server requeires authentication or a set range of IP's for the filtering solution.

Does any one have suggestions on how to do this? Allow users on the server to continue to use port 25 for their outgoing server but limit inbound connections for email deiivery to a range of IP addresses?

Currently my work around makes the assumption that all legitimate email will be coming from the filtering solution thus I have set Spam assassin to delete email with a spam scrore of 6 or more. The idea is that local users will not spam each other and only spammer will be direct connecting to the server. Even though this achieves one goal, I want to turn off SA when all users have been place on the new system.

Sincerely,
Mike

 

Hi,

I found the a solution. In WHM go to Main >> Service Configuration >> Exim Configuration Editor. Under "Access Lists" find the "Blacklist: Drop connections from defined IP Blocks upon SMTP connection" and click on the 'EDIT' link. Add this:

0.0.0.0/0

Then Click 'SAVE'

Now find, "Whitelist: Trusted Mail Hosts/Ip Blocks (bypass all smtp time checks except recipient verification)" un the same heading and click on the 'EDIT' link. Add this:

xxx.xxx.xxx.xxx - for a single domain
xxx.xxx.xxx.0/24 for entire block of IP addresses.

Then Click 'SAVE'.

That is it. Users will still be able to authenticate on port 25 to send email from your server while restricting all incoming email to be from a set IP or range of IP's.

Mike