Mailing List CGatePro@mail.stalker.com Message #105808
From: Brian Turnbow <b.turnbow@twt.it>
Subject: RE: Automatically reject emails other than for a few domains?
Date: Fri, 11 Sep 2015 10:50:00 +0200
To: 'CommuniGate Pro Discussions' <CGatePro@mail.stalker.com>
X-Mailer: E-box Connector 4.2.70-185
Hi Brian

Communigate ,when configured to, will only accept to domains that are local.
There is no need to create an accepted domain list.

What client Ip addresses do you have configured? This should be limited to IPs you will relay for, otherwise you are an open relay...
What are your relay settings? If you have relay to client ip addresses on , this will also cause a lookup to see if the destination server is a client.
That way communigate checks dns records for the to domains to see if they should be accepted.

You probably have one or the other that causes the emails to be accepted.
Otherwise they will be rejected in the smtp session

You can lower log levels for the smtp receiving sessions to track what happens.

Brian


Brian Turnbow
Network Manager
TWT S.p.A.

> -----Original Message-----
> From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On
> Behalf Of Brian
> Sent: giovedì 10 settembre 2015 17:04
> To: CommuniGate Pro Discussions
> Subject: Re: Automatically reject emails other than for a few domains?
>
> Thanks Brian,
>
> Unfortunately, I'd actually already done all that stuff to no avail.
>
> I'm also now finding from examining my logs more thoroughly that emails are
> being processed in an inconsistent manner. Emails destined to the same
> unknown address will sometimes be passed on for filtering by my rules, while
> other times they will trigger a dns loop error. Same email address, same server
> settings, but a different outcome. I'm guessing that it must be due to a
> difference of where the emails are coming from, but it frustrates me that all
> settings seem to be geared towards blocking by sender rather than by
> destination. I would have thought that there'd be some way to tell the server
> "here are my list of acceptable 'to' email addresses, don't process anything
> else", but that doesn't seem to be available except through mail rules which
> are only reached after the server has already done a lot of unnecessary work. I
> guess I'm going to just have to live with that.
>
> Thank you nonetheless for your assistance.
>
> Regards,
>
> Brian
>
>
>
> On 09/09/2015 12:27 PM, Brian Turnbow wrote:
> > Hi Brian,
> >
> > I think we need to take a step back.
> > If the domain is not a local domain and the source ip address is not a client ip
> address/authenticated user, the email should not be accepted and no lookup
> dns will take place.
> > You need to look into your security settings with regard to relaying.
> > CGP will only lookup a "to" domain after it accepts an email for processing.
> >
> > Take a look at
> > https://www.communigate.com/communigatepro/Protection.html
> > and
> > https://www.communigate.com/communigatepro/SMTP.html
> >
> > set up the server to relay only for client IP addresses, that way when the to is
> specified for a domain that is not local from a non-client ip the email will be
> rejected directly in the smtp session.
> > If the emails come from a trusted source, i.e. client ip or
> > authenticated user I'm afraid you would need to use route records ( or
> > change your dns settings)
> >
> > Brian
> >
> > Brian Turnbow
> > Network Manager
> > TWT S.p.A.
> >
> >
> >> -----Original Message-----
> >> From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com]
> >> On Behalf Of Brian
> >> Sent: martedì 8 settembre 2015 20:15
> >> To: CommuniGate Pro Discussions
> >> Subject: Re: Automatically reject emails other than for a few domains?
> >>
> >> Thanks for the response Brian.
> >>
> >> I think I need to explain my situation a bit better. I have hundreds
> >> of domains pointed at my server. Out of those hundreds, only 3
> >> receive emails.  When I look at the logs I see a constant stream of
> >> incoming mail, 99.99% of which are connected to the non-email
> >> domains. What I'm trying to do is eliminate my server's need to look
> >> up dns records for each of those bad emails. Since the list of "good"
> >> domains is known, my hope is that instead of doing all those lookups
> >> on every email, that there's some way to tell the server that if an
> >> email isn't destined to one of my 3 domains, just reject the email
> immediately and don't bother checking dns or doing any other processing.
> >>
> >> I've tried setting it to redirect all unknowns to spamtrap and I've
> >> tried writing rules at the server level to reject everything I don't
> >> want, but these seem to kick in after the dns lookups already happen.
> >>
> >> If adding some rules to the router would do what I need then ok, but
> >> the list of domains that are pointed at my server is in constant flux
> >> so I don't want to have to write and maintain a list of several
> >> hundred rules for each of the non- email domains, I'd prefer to be
> >> able to create a small set of rules that that tell the server to
> >> disregard any emails that don't belong to the 3 domains. Is it possible to do
> this and prevent the redundant lookups from happening?
> >>
> >> Thanks again.
> >>
> >> Brian
> >>
> >>
> >>
> >>
> >> On 09/08/2015 12:52 PM, Brian Turnbow wrote:
> >>> Hi Brian,
> >>>
> >>> Communigate is checking dns records looking for an MX record or a
> >>> domain level record , ie mydomain.com, that point to an IP Finding
> >>> one constitutes a valid mail server , It seems you have records
> >>> pointing to  the Communigate ip and as communigate does not know the
> >>> domain it will give this error finding a loop ( I have to send this
> >>> to another email server but that server  is myself )
> >>>
> >>> You can easily disregard emails for the domain by creating route
> >>> records
> >> https://www.communigate.com/communigatepro/Router.html#Special
> >>> you can reject(error), accept and drop(null) route to
> >>> spamtraps(spamtrap)
> >> etc so you can get creative on what you want to do.
> >>> Brian
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: CommuniGate Pro Discussions
> >>>> [mailto:CGatePro@mail.stalker.com]
> >>>> On Behalf Of Brian
> >>>> Sent: martedì 8 settembre 2015 17:12
> >>>> To: CommuniGate Pro Discussions
> >>>> Subject: Automatically reject emails other than for a few domains?
> >>>>
> >>>>
> >>>> I have a bunch of domains pointing to my web/mail server but I only
> >>>> need email service for a couple of those. As it stands, whenever an
> >>>> email comes in for a domain that I'm NOT using for email,
> >>>> communigate checks dns, issues an error message about a dns loop,
> >>>> and then sends a report back to the sender's mail server. Is there
> >>>> any way to skip all that and just have it recognize that if an
> >>>> email is not destined for a domain that is configured for email,
> >>>> that it should just reject or delete
> >> the emails immediately?
> >>>> The way I'm set up, I have a main domain plus a couple of others
> >>>> that are aliases for that domain. Ideally, I'm brand new to
> >>>> communigate, so if you have any suggestions please make them
> >>>> detailed enough that they will be understandable to a total
> >>>> beginner. Thanks very much! :)
> >>>>
> >>>> Brian
> >>>>
> >>>> #############################################################
> >>>> This message is sent to you because you are subscribed to
> >>>>     the mailing list <CGatePro@mail.stalker.com>.
> >>>> To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com> To
> >>>> switch to the DIGEST mode, E-mail to
> >>>> <CGatePro-digest@mail.stalker.com>
> >>>> To switch to the INDEX mode, E-mail to
> >>>> <CGatePro-index@mail.stalker.com> Send administrative queries to
> >>>> <CGatePro-request@mail.stalker.com>
> >>> #############################################################
> >>> This message is sent to you because you are subscribed to
> >>>     the mailing list <CGatePro@mail.stalker.com>.
> >>> To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com> To switch
> >>> to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
> >>> To switch to the INDEX mode, E-mail to
> >>> <CGatePro-index@mail.stalker.com> Send administrative queries to
> >>> <CGatePro-request@mail.stalker.com>
> >>
> >> #############################################################
> >> This message is sent to you because you are subscribed to
> >>    the mailing list <CGatePro@mail.stalker.com>.
> >> To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com> To switch
> >> to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
> >> To switch to the INDEX mode, E-mail to
> >> <CGatePro-index@mail.stalker.com> Send administrative queries to
> >> <CGatePro-request@mail.stalker.com>
> > #############################################################
> > This message is sent to you because you are subscribed to
> >    the mailing list <CGatePro@mail.stalker.com>.
> > To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com> To switch
> > to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
> > To switch to the INDEX mode, E-mail to
> > <CGatePro-index@mail.stalker.com> Send administrative queries to
> > <CGatePro-request@mail.stalker.com>
>
>
> #############################################################
> This message is sent to you because you are subscribed to
>   the mailing list <CGatePro@mail.stalker.com>.
> To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com> To switch to the
> DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
> To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
> Send administrative queries to  <CGatePro-request@mail.stalker.com>
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster