
Re: MX accept policy: problem



Matti and all,

[*] No, that is WRONG syntax:
[*]    [177.156.5.0]/24

Sorry, that syntax error was just a mail typo; in my smtp-policy.src I got
no such syntax error, <duh>.

My figure is quite simple, I will explain very simply what I want, and then
I am sure you will provide a quick and clarifying response.

I have some 100 big customers which use my ZMailer server as MX backup or
ETRN MX for their domains; this makes my smtp-policy.mx file huge and kind
of complicated to maintain manually. I thought that since all those 150
customers were grouped in only 5 different networks I could list those
'friendly' networks in my smtp-policy.src with some special rights
so they could use my zmailer server as MX, and then get rid of (eliminate)
my smtp-policy.mx file completely for easier administration.

I have been testing something like this in my smtp-policy.src:
# this is for protection
.                       relaycustomer - acceptifmx - senderokwithdns +
[0.0.0.0]/0             relaycustomer - acceptifmx - senderokwithdns +

[*] 	Yes, this is what for example  nic.funet.fi  runs with.
[*] 	This is all that an inbound MX processing is accepted.
[*] 	(recipient MX processing means testing for *domains*,
[*] 	 e.g. the last resort key will be '.')

# this is one of my 'friendly' networks

[177.156.5.0]/24	rejectnet - relaycustnet - relaytarget + acceptifmx +

Mail relaying from those networks is just fine, that is *not* the issue, ok.

The suffix solution is not what I need, since all those customers have
different domain suffixes and including them in my file would be the same
as maintaining smtp-policy.mx (the amount of entries would be the same).

With that configuration, when I try to send email to someone in that friendly
network - from an untrusted network - I get this in my smtpserver log:

12553#  connection from untrusted.smtpserver.com ipcnt 2 ident: NO-IDENT-SERVICE[2]
12553w  220 zmailer-serv.mydomain.com Servidor ZMailer 2.99.50-s5 #1 ESMTP+IDENT de RCP, hora local: Fri, 19 Mar 1999 12:39:23 -0500
12553#  remote from [209.77.5.218]:21124
12553#  -- policyresult=0 initial policy msg: <NONE!>
12553r  helo untrusted.smtpserver.com
12553w  250 zmailer-serv.mydomain.com Hello untrusted.smtpserver.com
12553r  mail from: <someone@hotmail.com>
12553w  250 2.1.0 Sender syntax Ok
12553r  rcpt to: <someone@friendly.domain.com>
12553#  -- policy result=-3, msg: <NONE!>
12553w  553-5.7.1 This target address is not our MX service
12553w  553-5.7.1 client, nor you are connecting from address
12553w  553-5.7.1 that is allowed to openly use us to relay
12553w  553-5.7.1 to any arbitary address thru us.
12553w  553 5.7.1 We don't accept this recipient.
12553r  quit
12553w  221 2.0.0 zmailer-serv.mydomain.com Out

What can I do to get MX reception allowed without any smtp-policy.mx file?

Thanks a lot,

Enrique-
-- 
----------------------------------------------
 RCP - Internet Peru      Tel: +51 1 422-4848 
 Dpto de Operaciones      Fax: +51 1 421-8086
----------------------------------------------
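
Added example (not part of the original message, and not ZMailer code): a small Python parser for smtpserver log lines in the format quoted above, listing each recipient that was refused after a negative policy result together with the connecting address. The reading of the tags (`#` server note, `r` client command, `w` server reply) is an assumption taken from the excerpt, and session 12554 in the sample is constructed.

```python
import re

# Session 12553: lines from the quoted log. Session 12554: constructed.
SAMPLE_LOG = """\
12553#  remote from [209.77.5.218]:21124
12553#  -- policyresult=0 initial policy msg: <NONE!>
12553r  mail from: <someone@hotmail.com>
12553r  rcpt to: <someone@friendly.domain.com>
12553#  -- policy result=-3, msg: <NONE!>
12553w  553-5.7.1 This target address is not our MX service
12553w  553 5.7.1 We don't accept this recipient.
12554#  remote from [177.156.5.20]:40112
12554r  mail from: <user@friendly.domain.com>
12554r  rcpt to: <other@example.org>
12554#  -- policy result=0, msg: <NONE!>
12554w  250 2.1.5 Ok
"""

# Assumed tag meaning: '#' server note, 'r' read from client, 'w' written to client.
LINE = re.compile(r"^(\d+)([#rw])\s+(.*)$")
REMOTE = re.compile(r"remote from \[([^\]]+)\]")
POLICY = re.compile(r"policy ?result=(-?\d+)")
ADDR = re.compile(r"^(mail from|rcpt to):\s*<([^>]*)>", re.I)
FINAL = re.compile(r"^(\d{3}) ")  # "553-" continues a reply, "553 " ends it

def policy_rejections(log_text):
    """Return one record per recipient refused after a negative policy result."""
    sessions, rejected = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        sid, tag, text = m.groups()
        s = sessions.setdefault(sid, {})
        if tag == "#" and (r := REMOTE.search(text)):
            s["remote"] = r.group(1)
        elif tag == "#" and (p := POLICY.search(text)) and "rcpt" in s:
            s["result"] = int(p.group(1))  # verdict for the pending RCPT TO
        elif tag == "r" and (a := ADDR.match(text)):
            is_sender = a.group(1).lower() == "mail from"
            s["sender" if is_sender else "rcpt"] = a.group(2)
            s.pop("result", None)
            if is_sender:
                s.pop("rcpt", None)  # new envelope, no recipient yet
        elif tag == "w" and (f := FINAL.match(text)) and s.get("result", 0) < 0:
            rejected.append({"session": sid, "remote": s.get("remote"),
                             "sender": s.get("sender"), "rcpt": s["rcpt"],
                             "policy_result": s.pop("result"), "reply_code": int(f.group(1))})
    return rejected
```

Run over a real log, the `remote` and `rcpt` columns show at a glance whether refusals cluster on recipients behind the 'friendly' networks or on arbitrary relay attempts.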