I have a configuration with, perhaps, 60 post offices. Some of these have external spam solutions that block the spam before hitting our server. Ideally the server should only receive mail for these post offices from the spam filter source IP and nowhere else but I cannot do this (obviously) globally since not all of the post offices have a solution like this. Is it possible to configure SMTP to deny mail that comes from anywhere but specific IPs on a post office by post office basis?
Thanks!
Lock inbound to 1 IP for 1 postoffice
-
MailEnable-Ian
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Lock inbound to 1 IP for 1 postoffice
Hi,
No there is only a global "Access Control" list for SMTP where you can grant and deny IP addresses.
No there is only a global "Access Control" list for SMTP where you can grant and deny IP addresses.
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: Lock inbound to 1 IP for 1 postoffice
I think this is a horrible failing. Half my postoffices are on a spam filter, half are not. Those that are still get spam because I cannot block the IP connecting to send them the spam (bypassing the filter) without cutting off those that do not have a filter. This leaves the server open to spam regardless of the various postoffice's subscriptions.
Can you think of any way to facilitate this?
Can you think of any way to facilitate this?
-
MailEnable-Ian
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Lock inbound to 1 IP for 1 postoffice
Hi,
One way which may work for you, is by forcing all incoming connections to that postoffice to require authentication. This will prevent any other inbound connection that does not authenticate to fail. Remote mail servers will not know the authentication details and thus spammers will not be able to send messages. The server may still be hit with inbound connections that fail authentication but if you have the "Abuse detection and prevention" option enabled the IP address trying to abuse the service will be banned after 10 invalid attempts.
You will need to consult within the spam gateways services documentation on how to configure authentication.
The steps to enable this in MailEnable are:
1. Navigate within the MailEnable administration console to: Servers > Localhost > Servers and Connectors > SMTP.
2. Right click on SMTP and select properties.
3. Next navigate to the "Advanced SMTP" tab.
4. Use the drop down menu for the "Inbound Authentication" and set the option to "Authentication determined by postoffice".
5. Next navigate to the target postoffice and right click on the postoffice and select properties.
6. Navigate to the "Restrictions" tab and tick the option for "Any emails to this postoffice must come from authenticated connections".
7. Restart the SMTP service and test.
We are looking into better solutions to block IP's at the postoffice level but don't have any time frame when this will be available.
One way which may work for you, is by forcing all incoming connections to that postoffice to require authentication. This will prevent any other inbound connection that does not authenticate to fail. Remote mail servers will not know the authentication details and thus spammers will not be able to send messages. The server may still be hit with inbound connections that fail authentication but if you have the "Abuse detection and prevention" option enabled the IP address trying to abuse the service will be banned after 10 invalid attempts.
You will need to consult within the spam gateways services documentation on how to configure authentication.
The steps to enable this in MailEnable are:
1. Navigate within the MailEnable administration console to: Servers > Localhost > Servers and Connectors > SMTP.
2. Right click on SMTP and select properties.
3. Next navigate to the "Advanced SMTP" tab.
4. Use the drop down menu for the "Inbound Authentication" and set the option to "Authentication determined by postoffice".
5. Next navigate to the target postoffice and right click on the postoffice and select properties.
6. Navigate to the "Restrictions" tab and tick the option for "Any emails to this postoffice must come from authenticated connections".
7. Restart the SMTP service and test.
We are looking into better solutions to block IP's at the postoffice level but don't have any time frame when this will be available.
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: Lock inbound to 1 IP for 1 postoffice
This may be perfect. Thanks for the help!
Re: Lock inbound to 1 IP for 1 postoffice
Well the spam filtering system does not support authenticated connections so I am back to blocking via a filter. I hope the IP blocking by postoffice feature makes it into the system as a new feature!
