[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MX accept policy: problem
Matti and all,
[*] No, that is WRONG syntax:
Sorry, that syntax error was just a mail typo, in my smtp-policy.src i got
no such syntax error, <duh>.
My figure is quite simple, i will explain very simply what i want, and then
i am sure you will provide a quick and clarifying response.
I have some 100 big customers which use my ZMailer server as MX backup or
ETRN MX for their domains, this makes my smtp-policy.mx file huge and kind
of complicated to maintain manually. I thought that since all those 150
customers were grouped in only 5 different networks i could list those
'friendly' networks in my smtp-policy.src with some special rights
so they could use my zmailer server as MX, and then get rid of (eliminate)
my smtp-policy.mx file completely for easier administration.
I have been testing something like this in my smtp-policy.src:
# this is for protection
. relaycustomer - acceptifmx - senderokwithdns +
[0.0.0.0]/0 relaycustomer - acceptifmx - senderokwithdns +
[*] Yes, this is what for example nic.funet.fi runs with.
[*] This is all that an inbound MX processing is accepted.
[*] (recipient MX processing means testing for *domains*,
[*] e.g. the last resort key will be '.')
# this is one of my 'friendly' networks
[220.127.116.11]/24 rejectnet - relaycustnet - relaytarget + acceptifmx +
Mail relaying from those networks is just fine, that is *not* the issue, ok.
The suffix solution is not what i need, since all those customers have
different domain suffixes and including them in my file would be the same
as maintaining smtp-policy.mx (the amount of entries would be the same).
With that configuration when i try to send email to someone in that friendly
network - from an untrusted network - i get this in my smtpserver log:
12553# connection from untrusted.smtpserver.com ipcnt 2 ident: NO-IDENT-SERVICE
12553w 220 zmailer-serv.mydomain.com Servidor ZMailer 2.99.50-s5 #1 ESMTP+IDENT de RCP, hora local: Fri, 19 Mar 1999 12:39:23 -0500
12553# remote from [18.104.22.168]:21124
12553# -- policyresult=0 initial policy msg: <NONE!>
12553r helo untrusted.smtpserver.com
12553w 250 zmailer-serv.mydomain.com Hello untrusted.smtpserver.com
12553r mail from: <firstname.lastname@example.org>
12553w 250 2.1.0 Sender syntax Ok
12553r rcpt to: <email@example.com>
12553# -- policy result=-3, msg: <NONE!>
12553w 553-5.7.1 This target address is not our MX service
12553w 553-5.7.1 client, nor you are connecting from address
12553w 553-5.7.1 that is allowed to openly use us to relay
12553w 553-5.7.1 to any arbitary address thru us.
12553w 553 5.7.1 We don't accept this recipient.
12553w 221 2.0.0 zmailer-serv.mydomain.com Out
What can i do to get MX reception allowed without any smtp-policy.mx file?
Thanks a lot,
RCP - Internet Peru Tel: +51 1 422-4848
Dpto de Operaciones Fax: +51 1 421-8086