Accept SMTP traffic from a certain IP/subnet

CrazyLane

To prevent senders from bypassing filtering mail servers by connecting directly to mail.something.com mail servers, I would like something.com mail servers to be locked down so that they only accept SMTP traffic from the filtering mail servers. I could do this via APF firewall, however I don't want to do that for the whole server, just the domain that's using the filtering mail servers.
 
SMTP doesn't accept mail at the domain level, but only at the IP level.

Anyone sending email should be sending it to those other servers, because of the MX records you set up.

But spammers sometimes ignore MX records and send directly to the A record.

So the easiest way to change it would be to give this site its own IP#. Then block all port 25 traffic to that IP#. The filtering mail servers can send mail to the main server IP#.

This should work.

Jeff
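
One way to express the restriction discussed in this thread as firewall rules, as an added example that is not from either poster. It assumes plain iptables rather than APF's own configuration, a dedicated IP for the domain, and, as a variant of Jeff's suggestion, lets the filtering servers deliver to that dedicated IP while dropping every other source. All addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit iptables rules restricting SMTP on one dedicated IP.
# All addresses are constructed placeholders (RFC 5737 documentation ranges).

SITE_IP="192.0.2.10"                        # hypothetical dedicated IP for the domain
FILTER_NETS="198.51.100.0/28 203.0.113.25"  # hypothetical filtering mail servers

# Shape check only (dotted quad, optional /0-32 prefix); octet ranges are not
# verified. It stops a typo or stray word from ending up inside a rule.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print the rules: one ACCEPT per filtering source, then a final DROP for
# any other source connecting to port 25 on the dedicated IP. Traffic to the
# server's other IPs is not matched, so other domains are unaffected.
smtp_rules() {
    site_ip=$1; shift
    valid_ipv4 "$site_ip" || { echo "bad site IP: $site_ip" >&2; return 1; }
    # Validate every source first so a bad entry produces no partial rule set.
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src -d $site_ip --dport 25 -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp -d $site_ip --dport 25 -j DROP"
}

# Prints the rules for review instead of applying them; the ACCEPT lines
# must stay ahead of the DROP line when they are loaded.
# shellcheck disable=SC2086
smtp_rules "$SITE_IP" $FILTER_NETS
```

The script only prints the rules, so they can be reviewed and then loaded in the same order.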
 