Mailing List CGatePro@mail.stalker.com Message #105812
From: Brian <pcwiz@gmx.net>
Subject: Re: Automatically reject emails other than for a few domains?
Date: Fri, 11 Sep 2015 12:21:13 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Hi,

Thank you to both Nicolas and Peter for your input. Much appreciated!

In fact, however, it turns out that Brian's assessment was correct. I had "relay to client" settings enabled. Once I turned those off the lookups stopped completely. Now, only my local domains get processed. The others get immediately rejected with a "we do not relay" message.

Thank you so much for working this out with me! I'm very grateful.

As far as my client ip's, my only entries are localhost and the server's own public ip. Is that correct, or should it be blank?

Thanks again!

Brian



On 09/11/2015 04:50 AM, Brian Turnbow wrote:
Hi Brian

Communigate ,when configured to, will only accept to domains that are local.
There is no need to create an accepted domain list.

What client Ip addresses do you have configured? This should be limited to IPs you will relay for, otherwise you are an open relay...
What are your relay settings? If you have relay to client ip addresses on , this will also cause a lookup to see if the destination server is a client.
That way communigate checks dns records for the to domains to see if they should be accepted.

You probably have one or the other that causes the emails to be accepted.
Otherwise they will be rejected in the smtp session

You can lower log levels for the smtp receiving sessions to track what happens.

Brian


Brian Turnbow
Network Manager
TWT S.p.A.

-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On
Behalf Of Brian
Sent: giovedì 10 settembre 2015 17:04
To: CommuniGate Pro Discussions
Subject: Re: Automatically reject emails other than for a few domains?

Thanks Brian,

Unfortunately, I'd actually already done all that stuff to no avail.

I'm also now finding from examining my logs more thoroughly that emails are
being processed in an inconsistent manner. Emails destined to the same
unknown address will sometimes be passed on for filtering by my rules, while
other times they will trigger a dns loop error. Same email address, same server
settings, but a different outcome. I'm guessing that it must be due to a
difference of where the emails are coming from, but it frustrates me that all
settings seem to be geared towards blocking by sender rather than by
destination. I would have thought that there'd be some way to tell the server
"here are my list of acceptable 'to' email addresses, don't process anything
else", but that doesn't seem to be available except through mail rules which
are only reached after the server has already done a lot of unnecessary work. I
guess I'm going to just have to live with that.

Thank you nonetheless for your assistance.

Regards,

Brian



On 09/09/2015 12:27 PM, Brian Turnbow wrote:
Hi Brian,

I think we need to take a step back.
If the domain is not a local domain and the source ip address is not a client ip
address/authenticated user, the email should not be accepted and no lookup
dns will take place.
You need to look into your security settings with regard to relaying.
CGP will only lookup a "to" domain after it accepts an email for processing.

Take a look at
https://www.communigate.com/communigatepro/Protection.html
and
https://www.communigate.com/communigatepro/SMTP.html

set up the server to relay only for client IP addresses, that way when the to is
specified for a domain that is not local from a non-client ip the email will be
rejected directly in the smtp session.
If the emails come from a trusted source, i.e. client ip or
authenticated user I'm afraid you would need to use route records ( or
change your dns settings)

Brian

Brian Turnbow
Network Manager
TWT S.p.A.


-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com]
On Behalf Of Brian
Sent: martedì 8 settembre 2015 20:15
To: CommuniGate Pro Discussions
Subject: Re: Automatically reject emails other than for a few domains?

Thanks for the response Brian.

I think I need to explain my situation a bit better. I have hundreds
of domains pointed at my server. Out of those hundreds, only 3
receive emails.  When I look at the logs I see a constant stream of
incoming mail, 99.99% of which are connected to the non-email
domains. What I'm trying to do is eliminate my server's need to look
up dns records for each of those bad emails. Since the list of "good"
domains is known, my hope is that instead of doing all those lookups
on every email, that there's some way to tell the server that if an
email isn't destined to one of my 3 domains, just reject the email
immediately and don't bother checking dns or doing any other processing.
I've tried setting it to redirect all unknowns to spamtrap and I've
tried writing rules at the server level to reject everything I don't
want, but these seem to kick in after the dns lookups already happen.

If adding some rules to the router would do what I need then ok, but
the list of domains that are pointed at my server is in constant flux
so I don't want to have to write and maintain a list of several
hundred rules for each of the non- email domains, I'd prefer to be
able to create a small set of rules that that tell the server to
disregard any emails that don't belong to the 3 domains. Is it possible to do
this and prevent the redundant lookups from happening?
Thanks again.

Brian




On 09/08/2015 12:52 PM, Brian Turnbow wrote:
Hi Brian,

Communigate is checking dns records looking for an MX record or a
domain level record , ie mydomain.com, that point to an IP Finding
one constitutes a valid mail server , It seems you have records
pointing to  the Communigate ip and as communigate does not know the
domain it will give this error finding a loop ( I have to send this
to another email server but that server  is myself )

You can easily disregard emails for the domain by creating route
records
https://www.communigate.com/communigatepro/Router.html#Special
you can reject(error), accept and drop(null) route to
spamtraps(spamtrap)
etc so you can get creative on what you want to do.
Brian


-----Original Message-----
From: CommuniGate Pro Discussions
[mailto:CGatePro@mail.stalker.com]
On Behalf Of Brian
Sent: martedì 8 settembre 2015 17:12
To: CommuniGate Pro Discussions
Subject: Automatically reject emails other than for a few domains?


I have a bunch of domains pointing to my web/mail server but I only
need email service for a couple of those. As it stands, whenever an
email comes in for a domain that I'm NOT using for email,
communigate checks dns, issues an error message about a dns loop,
and then sends a report back to the sender's mail server. Is there
any way to skip all that and just have it recognize that if an
email is not destined for a domain that is configured for email,
that it should just reject or delete
the emails immediately?
The way I'm set up, I have a main domain plus a couple of others
that are aliases for that domain. Ideally, I'm brand new to
communigate, so if you have any suggestions please make them
detailed enough that they will be understandable to a total
beginner. Thanks very much! :)

Brian

#############################################################
This message is sent to you because you are subscribed to
     the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com> To
switch to the DIGEST mode, E-mail to
<CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to
<CGatePro-index@mail.stalker.com> Send administrative queries to
<CGatePro-request@mail.stalker.com>
#############################################################
This message is sent to you because you are subscribed to
     the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com> To switch
to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to
<CGatePro-index@mail.stalker.com> Send administrative queries to
<CGatePro-request@mail.stalker.com>
#############################################################
This message is sent to you because you are subscribed to
    the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com> To switch
to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to
<CGatePro-index@mail.stalker.com> Send administrative queries to
<CGatePro-request@mail.stalker.com>
#############################################################
This message is sent to you because you are subscribed to
    the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com> To switch
to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to
<CGatePro-index@mail.stalker.com> Send administrative queries to
<CGatePro-request@mail.stalker.com>

#############################################################
This message is sent to you because you are subscribed to
   the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com> To switch to the
DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>
#############################################################
This message is sent to you because you are subscribed to
   the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster