External spam filtering, incoming IP restriction

Posts: 12
Joined: Thu Apr 07, 2011 1:10 am

External spam filtering, incoming IP restriction

Postby whodkne » Wed Mar 29, 2017 9:17 pm

We are using spamhero.com as a provider. To prevent rogue spam bypassing the MX records we need to lock down the incoming SMTP connections ONLY for the customers who have subscribed to this service.

For our MDaemon hosting we can easily bind each postoffice to an IP address. So all spam filter domains are on one IP and all other domains are on a separate IP, only two IPs needed. Our perimeter firewall restricts incoming SMTP to only the spamhero.com MTA ip address ranges for the spam filter domains. This way MDaemon will only accept email for the spam filter domains from spamhero.

For MailEnable we had to end up with an advanced filter configuration like so:

Code: Select all

If CriteriaMet([ME_IPADDRESS],"108.60.195.*") OR _
  CriteriaMet([ME_IPADDRESS],"208.53.48.*") OR _
  CriteriaMet([ME_IPADDRESS],"X.X.X.*") OR _
  CriteriaMet([ME_FROM],"*@domain.com") OR _
  CriteriaMet([ME_HEADERS_CONTAIN],"*MailEnable WebMail*") OR _
  FilterResult = 0
End If

This allows spamhero IP addresses, our own IP address range, from the same domain or from webmail or a whitelisted IP. We needed all of these parameters to handle the various options since there didn't seem to be one way to handle them all:

  • Spamhero IP range
  • Internal user to another internal user over SMTP (does not leave the server so does not hit spam filter)
  • Internal user to another via WebMail

From what I understand we can not bind multiple domains to multiple IP addresses. So I am at a loss as to how to move forward with any scalability. We can not rely on these kinds of filters to handle this as it gets messy and prone to human error. Being able to flip a switch by moving a domain to one IP or another is easy and clear. Is there no other way to handle this scenario?

Posts: 1276
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: External spam filtering, incoming IP restriction

Postby rfwilliams777 » Sun Jun 04, 2017 2:52 am

ME allows you to only allow authenticated connections. It also allows you to specific IP addresses if you want.
Robert Williams, Owner
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and get your first 2 months FREE!
We can be hired to help you with your Mail Enable server, too!

Who is online

Users browsing this forum: No registered users and 36 guests