Spam bypassing 3rd-party spam filtering service.

Deadlykris (New member; joined Mar 8, 2013; messages: 2)
I've got a rather unique problem that I'm not sure how to solve. First, some background. I used to be the sole admin of a DirectAdmin-based web server with multiple domains hosted on it, owned and operated by a former employer. After the server suffered catastrophic failure last year, the owner of the company elected to pay a solution provider to host our domains and our customers' domains, rather than continue to do it himself.

When the server was under our control, sometime in a span of many years, somewhere I ran across a solution to a problem that we once again face. We subscribe to a spam filtering service called Reflexion. Some of our customers also subscribe to it, others don't. The service uses MX records to direct the mail for the domains which subscribe to the service, through their own mail servers where their spam filters run, and then the mail is delivered to the server.

Somehow I had set something, some rule in some service, which would drop, reject, or otherwise prevent emails for specific domains if they did not originate from the IP address of the spam filter server. Does anyone know how I might have done such a thing? I don't think it was an iptables rule because that seems way too specific for that (if this was a server where all domains used the spam filter service, that would be different, but the old one wasn't, and neither is the new one).

Any help is appreciated.

We do have access to the entire filesystem of the old server, but the system cannot boot.
 
I've been thinking about this a lot during the past few days, because spammers use it to get around outside mx-based external anti-spam filtering services and deliver right to the user's email boxes, using the A record for example.com and for www.example.com.

This can be resolved if you're running your own server with two simple iptables rules; one allowing port 25 inbound traffic only from a specific IP#, and then another dropping all other port 25 inbound traffic.

The problem occurs when you're trying to do this on a shared server hosting email for other clients as well; you can't block port 25 traffic for everyone, and I don't think you can block port 25 traffic for only one client using iptables.

The easiest way I can think of to do this is if the client or clients using the external spamblocking service are on their own VPS or dedicated server.

Anyone else come up with an idea?

Jeff
 
The thing that gets me the most is that before we switched from self-hosting to NoBaloney, we had the problem solved, but I can't remember how. I'm increasingly certain that it wasn't iptables rules. It may have been some sort of authentication rules, where mail for the protected domains had to either come from a certain IP address or use a username and password. But I'll be damned if I know how to set that up.
 
Thinking more about it, there may be a way to do it directly in exim.conf, and hopefully so, because it would use a lot less resources. We'd be happy to make a one-time customization to the file for you as long as it wouldn't affect other clients on the same shared server. Perhaps you should ask the exim-users mailing list.

Jeff
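One way to do the per-domain restriction in exim.conf that Jeff raises, as an added example that is not from this thread, Reflexion, DirectAdmin or NoBaloney: a fragment for the ACL exim runs for each RCPT TO. Unlike the iptables approach it only touches the listed domains, so other clients on a shared server are unaffected. The list file paths, the 192.0.2.0/24 and 198.51.100.10 addresses, and the exact position inside the existing RCPT ACL are assumptions; substitute the relay addresses the filtering service publishes.

```exim
# Added example (not from the thread): force inbound SMTP for selected
# domains to come from the spam filtering service's relays, leaving every
# other domain on the same server untouched.  Paths and IPs are placeholders.

# Domains that must arrive via the filter, one per line in the file, e.g.
#   example.com
#   example.net
domainlist filtered_domains = lsearch;/etc/exim.filtered_domains

# Addresses/networks the filtering service delivers from (placeholder
# TEST-NET values; use the provider's published list and keep it complete,
# otherwise legitimate filtered mail is rejected too).
hostlist filter_hosts = 192.0.2.0/24 : 198.51.100.10

# ... inside the ACL named by acl_smtp_rcpt, ahead of the general
# "accept domains = +local_domains" rule so the deny is evaluated first:

  # Mail submitted with SMTP AUTH is not forced through the filter; this is
  # the "must come from a certain IP or use a username and password" case.
  accept  authenticated = *

  # Reject recipients in filtered domains when the connecting host is not
  # one of the filter's relays.  A spammer delivering straight to the
  # A record of example.com (bypassing the MX) is refused here.
  deny    domains     = +filtered_domains
          !hosts      = +filter_hosts
          message     = Mail for $domain must be delivered through the spam filtering service
          log_message = filter bypass attempt for $domain from $sender_host_address
```

After editing, `exim -bV` reads and checks the configuration, and `exim -bh 203.0.113.7` (again a placeholder address) opens a simulated SMTP session as if from that host so you can issue MAIL FROM and RCPT TO and watch which ACL verdict fires, without any mail being accepted. Two caveats: the deny keys on the envelope recipient domain and the peer's IP only, so a legitimate sender that skips the MX (a partner's misconfigured server, a monitoring host) is refused just like a spammer; and mail injected locally via the sendmail binary by web scripts is not SMTP and does not pass through this ACL, so it is neither protected nor blocked by it.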
 