Reject delivery for non-authenticaded users

[pauloraca]

Hello, folks!

I've been having a lot of headache with spam, so, a few days ago, I decided to put an external spam filter on my domain.

Now, e-mails to someone@domain.com are directed to the spam filter, and, if they're "clean", they're forwarded to the actual server.

The problem is that some spammers are connecting directly to our server (Their DNS lookup might use the "A record" instead of "MX record"?), and their messages are delivered without being filtered.

Now, finally, the question:
How do I do to allow the delivery of messages just from mailfilter.domain.com or from authenticaded users?

I could realized how to deny just some specific hosts, using access.db, but I want exactly the oposite

Thanks

 

[RhythmAce]

There are a couple things you can do. First, you want to use some type of authentication for smtp. By default, only POP3 server checks for a user/password combo before responding to the request for ones mail. This is not an ideal situation because smtp mail gets handled before pop3. It's kind of like closing the barn door after the cows got out. One way to fix this is by using smtpauth. This will cause the smtp server to require authentication before mail is passed through the server. There are more than one thread here where I explained how to do this but if you have trouble finding it, I will find the link for you or explain it to you. This will prevent your system from becoming an open relay but you wanted to know if there is anything you can do about spam. The filter is fine for detecting spam but there is also times when your server gets flooded with mail to users who don't exist. This in turn seems to get sent to the postmaster (root). What I do for smaill domains is create a virtusertable for each domain. A virtuser table is vary easy to create. It is simply a list of email accounts and the user who that mail belongs to or the address you want that mail sent to. For example here is what a line would look like:

joe@domain1.com joe
jane@domain1.com jane@otherdomain.net
@domain1.com error:nouser This server does not allow spam!

Joe has his mail sent to his system mailbox on the server. Jane gets her mail sent to her other email account. Notice the third line. This is called a catch-all. If mail for a user comes in and no match is found, it falls through to the catch-all. In this case the mail is rejected a returns are error message that says "This server does not allow spam!". Have a catch-all for each of your domains. When you are done, you will need to execute this command:

makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable

You can have all the domains you host in the same virtuser table.

 

[DanielSwan]

Hi Rhymnace,

Thank you for your reply. Although your solution does technically fit the stated requirements, I do not think it will really work for my situation: There will be intra-company users who will try to mail this domain, and I need them to know that the domain itself is no longer open for business - A spamblock reply may cause unnecessary confusion at their end.

It is good to have this option, though... I do hope that Something a little cleaner comes up, though.