[courier-users] Re: Selectively allowing illegal domains?
This is a discussion on [courier-users] Re: Selectively allowing illegal domains? within the Courier-Imap forums, part of the Mail Servers and Related category; Jay Lee <jlee <at> pbu.edu> writes: > > Lloyd Zusman wrote: > > > > [ ... ] &...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-02-2005
|
|||
|
|||
[courier-users] Re: Selectively allowing illegal domains?
Jay Lee <jlee <at> pbu.edu> writes:
> > Lloyd Zusman wrote: > > > > [ ... ] > > > > I'd like to be able to tell courier that this small handful of > > internally known domain names from work be treated as being legal, even > > though the DNS test fails for them in the "outside world" ... and that > > all other mail from illegal domains still gets rejected. > > What DNS is the Courier Server using? If it's under your control you > could make the domain names legal by setting up DNS zones for the > illegal domains. If you're not already using your own DNS server, > install BIND on your Courier server and have the server use itself for > DNS lookups (BIND itself can forward most lookups to your ISP or > whoevers DNS servers while responding authoritatively for the "illegal" > domains). If you go this route, I recommend you using something like > webmin (http://www.webmin.com) to configure BIND, makes it a lot easier. > > Another possiblitity is getting the Courier server to use the same DNS > servers your internal work network uses that has details about the > illegal domains. > > Jay Thanks for your reply. I run my own dns service (tinydns), and I know that I can put some bogus entries in my database for these domain names. I was just wondering if there is a courier-only way of doing this. The dns entries would have to be bogus, by the way, because there is no way for anyone to access that company's internal dns from outside of their firewall ... and rightfully so. Hmm ... I thought of a way that I might be able to do this in courier: I'm already using SPF, and I'm telling courier not to reject the mail when SPF checks fail, but rather, to just have courier write the SPF-Received headers, which I then check in some home-grown courierfilter modules. I decide at that point whether to accept or reject the email. What I might be able to do is to turn off BOFHCHECKDNS, and then within my home-grown courierfilter, I can reject all sender domains which fail SPF's dns check ... except that handful of internal domains from work. Do you or anyone else see any gotcha's with this approach? Thanks. -- Lloyd Zusman ljz@asfast.com God bless you. .---------, 0__0 / ( oo'---, / oo\ ,\ | | \ ,=__/ \ / / /------| /| |__|-' |__|' ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users 
|
Linear Mode
