Re: [courier-users] Re: Selectively allowing illegal domains?

Lloyd Zusman wrote:
> Jay Lee <jlee <at> pbu.edu> writes:
>
>
>>Lloyd Zusman wrote:
>>
>>>[ ... ]
>>>
>>>I'd like to be able to tell courier that this small handful of
>>>internally known domain names from work be treated as being legal, even
>>>though the DNS test fails for them in the "outside world" ... and that
>>>all other mail from illegal domains still gets rejected.
>>
>>What DNS is the Courier Server using? If it's under your control you
>>could make the domain names legal by setting up DNS zones for the
>>illegal domains. If you're not already using your own DNS server,
>>install BIND on your Courier server and have the server use itself for
>>DNS lookups (BIND itself can forward most lookups to your ISP or
>>whoevers DNS servers while responding authoritatively for the "illegal"
>>domains). If you go this route, I recommend you using something like
>>webmin (http://www.webmin.com) to configure BIND, makes it a lot easier.
>>
>>Another possiblitity is getting the Courier server to use the same DNS
>>servers your internal work network uses that has details about the
>>illegal domains.
>>
>>Jay
>
>
> Thanks for your reply. I run my own dns service (tinydns), and I know
> that I can put some bogus entries in my database for these domain names.
> I was just wondering if there is a courier-only way of doing this.
>
> The dns entries would have to be bogus, by the way, because there is no
> way for anyone to access that company's internal dns from outside of their
> firewall ... and rightfully so.
>
> Hmm ... I thought of a way that I might be able to do this in courier:
>
> I'm already using SPF, and I'm telling courier not to reject the mail when
> SPF checks fail, but rather, to just have courier write the SPF-Received
> headers, which I then check in some home-grown courierfilter modules. I
> decide at that point whether to accept or reject the email.
>
> What I might be able to do is to turn off BOFHCHECKDNS, and then within
> my home-grown courierfilter, I can reject all sender domains which fail
> SPF's dns check ... except that handful of internal domains from work.

The SPF change sounds overly complicated and it means your mailserver
will be accepting invalid mail in these cases. I wouldn't recommend it.

If you know the IP Addresses of the servers that are sending the invalid
email you may be able to use smtpaccess to turn off the dns checks for
these addresses:

x.x.x.x allow,BOFCHECKDNS=0

Try that and see if it works.

Jay
--
Jay Lee
Network / Systems Administrator
Information Technology Dept.
Philadelphia Biblical University
--


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users