Allow only unauthenticated e-mail from specific set of IP's

[evharten]

Is it possible to allow only email from an specific set of IP's to the server?

eg. only 1 IPv4 and 1 IPv6 address that is allowed to do unauthenticated email delivery ( mailscanner server ).
And the users can only do authenticated from any ip they wish

 

[mxroute]

You could put the IPs in /etc/virtual/whitelist_hosts_ip to bypass any checks against the mail since you're doing them outside of it. Perhaps you could then firewall off port 25 to any IPs but the ones running the mailscanner server.

One thing I do want to note is that MailScanner seems nice, but it's really just glorified SpamAssassin. I haven't personally found a benefit for it beyond the impression it gives, which seems to leave people with the feeling that more is being done to prevent inbound spam. Perhaps it could save memory on the host though, if that's an issue.

 

[evharten]

You could put the IPs in /etc/virtual/whitelist_hosts_ip to bypass any checks against the mail since you're doing them outside of it. Perhaps you could then firewall off port 25 to any IPs but the ones running the mailscanner server.

One thing I do want to note is that MailScanner seems nice, but it's really just glorified SpamAssassin. I haven't personally found a benefit for it beyond the impression it gives, which seems to leave people with the feeling that more is being done to prevent inbound spam. Perhaps it could save memory on the host though, if that's an issue.

Using the eFa-Project, which has a bit more then only spamassassin, i know Mailscanner is purely an wrapper for spamassassin

For port 25 i do not want to block it completely, since people can use it and authenticate, (starttls for instance)
However i only want to accept unauthenticated email from the specific set, so whitelist would be possible, but then i'll have to block of everything else that isnt authenticated.
I am not that far in the exim configuration, mostly worked with Postfix