
Howto only accept mail from specific mailserver

Posted: Fri Jul 18, 2008 9:21 am
by joaster
Hi all,

I was wondering how to only accept mail from a specific mailserver.

I think I have to edit the smtpd.cfg and then restart the smtpd service.
What I would add (I don't have any Accept lines right now) is an "Accept <ip-allowed-server>" line, but I don't really know if that would do the trick.

And if I have the Accept line, can I then clear the Relay lines, or do I have to switch the order (first accept, then relay)?

Hope someone can tell me how this config-file works.

Regards,
Joost.

Posted: Fri Jul 18, 2008 4:42 pm
by schmoe90
I've never tried this (because it's weird :D ), but you should be able to do something like deny *, accept <ip>

It'd be up to you to test it to death though.

Posted: Sat Jul 19, 2008 4:57 am
by joaster
Hi schmoe90,

I am curious, why is this weird? It seems to me the simplest way to secure our Scalix server.

We use a third-party spam/anti-virus server to which our MX records are pointing. That server is the only server that should deliver email to our Scalix server. By excluding the rest of the world it seems to me a secure solution.

If it is furthermore possible to then only accept emails for the domains we are hosting (local domains) it should be really secure.

Or am I missing something?

Regards,
Joost.

Posted: Sat Jul 19, 2008 5:21 am
by joaster
While writing the above message, I came up with another solution to achieve the fine-grained control I would like.

First exclude the rest of the world by only allowing SMTP traffic from the spam/anti-virus server on the corporate firewall.

Then set relay and accept rules in the smtpd.cfg file. Could this be a good file:

# NB Authenticated RELAYs are always allowed
RELAY accept 127.0.0.1
RELAY accept .localdomain1.xx
RELAY accept .localdomain2.xx
RELAY Log_Reject ALL

# extra rules added to prevent open relay usage
RECIPIENT Log_Reject *@*@*
RECIPIENT Log_Reject *%*
RECIPIENT Log_Reject *!*
RECIPIENT Log_Reject *#*@*


Regards,
Joost

Posted: Wed Jul 23, 2008 4:49 pm
by mikevl
Hi

Although this is possible in Scalix, that sort of operation would be better handled by your firewall at the perimeter.

firewall rule

allow spamfilter.com:25

Type rule

Mike
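
The firewall approach suggested above, written out as an nftables ruleset. This is an added example, not a configuration from any poster in this thread. It assumes the filtering is done on a Linux host running nftables; the table and set names are hypothetical, and 192.0.2.10 is a placeholder documentation address standing in for the spam/anti-virus server.

```nftables
# Added example: accept inbound SMTP only from the upstream spam/anti-virus filter.
# Load with: nft -f <this file>
# Assumptions: 192.0.2.10 is a placeholder for the filter's address;
# "smtp_ingress" and "smtp_filters" are hypothetical names.

table inet smtp_ingress {
    # Use addresses, not hostnames: a name is resolved once when the
    # ruleset is loaded, so a later DNS change would not be picked up.
    set smtp_filters {
        type ipv4_addr
        elements = { 192.0.2.10 }
    }

    chain input {
        # policy accept: this table restricts port 25 only and leaves
        # every other service to the rest of the firewall configuration.
        type filter hook input priority 0; policy accept;

        # Local submissions (webmail, local agents) arrive over loopback.
        iif "lo" accept

        # Keep replies to connections this server opened itself.
        ct state established,related accept

        # The only external source allowed to deliver mail.
        tcp dport 25 ip saddr @smtp_filters accept

        # Everything else on port 25, IPv4 or IPv6, is logged and dropped,
        # so attempts to bypass the filter show up in the kernel log.
        tcp dport 25 log prefix "smtp-not-from-filter " drop
    }
}
```

The logged drops are worth watching: senders that ignore the MX records and connect straight to the mail server will appear there.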