Reject Mail if sending client has no MX-record for domain part of "mail from:" header

General eFa discussion
Post Reply
duesen
Posts: 12
Joined: 30 Mar 2016 15:35
Location: Austria

Reject Mail if sending client has no MX-record for domain part of "mail from:" header

Post by duesen »

I do not know if this is a silly question but I could not get usefull information so I am asking here ...

I know that the subject of the thread does not meet the practical mail flow so let me explain a bit.

Normally when a client connects and sends an email, postfix can handle the following restrictions in the order of the mail flow:

copied from: https://wiki.centos.org/HowTos/postfix_restrictions

Code: Select all

220 mail.example.com ESMTP Postfix              # <-smtp_client_restrictions
HELO mail.example.com                           # <-smtp_helo_restrictions
250 mail.example.com                            #
MAIL FROM:<ned@example.com>                     # <-smtp_sender_restrictions
250 2.1.0 Ok                                    #
RCPT TO:<ned@example.com>                       # <-smtp_recipient_restrictions
250 2.1.5 Ok                                    #
DATA                                            # <-smtp_data_restrictions
354 End data with <CR><LF>.<CR><LF>             #
To:<ned@example.com>                            # <-header_checks
From:<ned@example.com>                          #
Subject:SMTP Test                               #
This is a test message                          # <-body_checks
.                                               #
When comming to the stage of the smtpd_sender_restrictions the client is already allowed to relay the mail.
Would it be possible to achieve a setup like this?

When the client says: MAIL FROM:<me@efaspam.com> - lets look if the currently connected ip address of the sending client does resolve to a mx record of the domain-part in the MAIL FROM-Command.
If yes - let the client continue to relay the mail
If not - reject and disconnect.

As mentioned before I could not find any relevant information about this - maybe using the wrong search terms.

Any help or dicussion welcome...
-
duesen
duesen
Posts: 12
Joined: 30 Mar 2016 15:35
Location: Austria

Re: Reject Mail if sending client has no MX-record for domain part of "mail from:" header

Post by duesen »

Thank you for your reply!
Of course we can discuss this topic on a more efficient channel.
But one thing has to meet the global E.F.A requirements:
If an online discussion is more efficient to solve this I will be a part of it. But fitting the nature of this project I / we will share our conclusions back to this forum. I think E.F.A is an almost grown up appliance to fight daily spams. So if I can help to make it better I will do it.
If this is ok you can drop me a PM to kick off a discussion.
-
duesen
duesen
Posts: 12
Joined: 30 Mar 2016 15:35
Location: Austria

Re: Reject Mail if sending client has no MX-record for domain part of "mail from:" header

Post by duesen »

A registration 1 minute before the first post does not automatically mean that is has to be a bot.
I can also type very quick if I want :-)

But ... please ...
lets get back to original subject of this thread!

Many thanks...
-
duesen
User avatar
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: Reject Mail if sending client has no MX-record for domain part of "mail from:" header

Post by darky83 »

Version eFa 4.x now available!
duesen
Posts: 12
Joined: 30 Mar 2016 15:35
Location: Austria

Re: Reject Mail if sending client has no MX-record for domain part of "mail from:" header

Post by duesen »

Nearly ...
I know about SPF but thought maybe it would be possible to achieve a setup like the one in question.

If it is true like stated here:
http://trends.builtwith.com/mx/SPF
only the top sites and the good managed ones are already using SPF records but the main sites aren´t.

There are so many missconfigured and therefore open relays outside that i do not want to wait to get them SPF´ed.

A simple solution for the setup in question would allow to reject directly or to increase spam counts.
-
duesen
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Reject Mail if sending client has no MX-record for domain part of "mail from:" header

Post by shawniverson »

duesen wrote: When the client says: MAIL FROM:<me@efaspam.com> - lets look if the currently connected ip address of the sending client does resolve to a mx record of the domain-part in the MAIL FROM-Command.
If yes - let the client continue to relay the mail
If not - reject and disconnect.
duesen
This might be a better question for a postfix guru. I don't know of any relay that does this, though. This could break any relay that hosts or forwards for other domains, for example.
Post Reply