From: Keith Matthews (no email)
Date: Sat Oct 01 2005 - 15:05:57 EDT
On Sat, 01 Oct 2005 14:52:48 -0400
Warrick FitzGerald <> wrote:
> >
> Was hoping not to have to explain this, but here goes:
>
> - The server receives mail for more than one domain
> - We use a SPAM filter service called MessageLabs
> - Mail for DomainA.com goes through MessageLabs and is then
> forwarded to InterfaceA on the mail server
> - Mail for all other domains go directly to InterfaceB
> - I have 2 instances of Postfix running on the server. One instance
> runs on InterfaceA and does not do any more SPAM checking. The other
> instance receives mail from the world and gets pushed through amavis.
> - So technically mail for DomainA.com should only be received on
> InterfaceA, as that's where MessageLabs forwards mail to. The firewall
> rules in front of InterfaceA also only allow port 25 connections from
> their network.
> - The problem is that some smarty pants spammers out there have
> figured out that you can connect to InterfaceB and inject mail for
> DomainA.com, technically bypassing the SPAM checks provided my message
> labs.
> - What I would like to do is tell the instance of Postfix on
> InterfaceB that if it receives mail for DomainA.com that it should
> reject it, as I know it should only be coming in on InterfaceA.
> Problem is that my external users connect to InterfaceB with their
> mail clients and DO need to be able to send mail to DomainA.com.
>
This is one of those moments when I wonder if I'm missing something.
If instance B is not supposed to accept mail for DomainA why have you
got DomainA in it's destination list (as you seem to have).
-- Due to excessive spam as a result of archiving of this list I only accept mail through the list server.
|
|
|