[Mimedefang] Rejecting mail only for non-authenticated users?
mimedefang at phroggy.com
Tue Aug 21 04:54:38 EDT 2007
I've got some great custom rules developed to reject messages based
on the sender's IP address (or reverse DNS hostname). I put these in
filter_relay, and they're working great. But then I realized... I
use the same server to handle incoming e-mail from other servers on
port 25, and authenticated e-mail from my users on port 587 (sent
with encryption and authentication). If one of my users happens to
be connecting from an IP address I don't want to accept spam from,
how can I determine whether I'm dealing with an authenticated user or
I'm assuming this can't be done from filter_relay, but I'd be happy
to move the code to filter_recipient if I can do it from there. The
important thing is that I want to reject the connection before
receiving the DATA.
I could simply test the envelope sender's domain, but I want my users
to be able to send mail from any e-mail address they like as long as
they're authenticated, so that's not good enough. If I could simply
distinguish between connections to port 587 vs. connections to port
25, that would be an acceptable alternative to distinguishing between
authenticated users and anonymous connections, but I'd prefer to
actually test for authentication. Connections from IPs on my local
subnet should count as authenticated even if they aren't really, but
I can test for that myself. Basically, any connection that Sendmail
would accept relaying from, I want to trust too.
Any insight would be most appreciated.
More information about the MIMEDefang