This article describes one way to limit incoming SMTP connections for specific domains to a list of specific safe relay IP addresses. Let’s suppose that you have a domain, mydomain.com – and you want to filter all email for this domain via an external host – let’s call it filtermail.com.
You would typically set the MX records for mydomain.com to point to in.filtermail.com as follows:
mydomain.com. 14400 IN MX 10 in.filtermail.com.
And, presumably, you would configure filtermail.com to send your sanitised, cleaned mail back to mail.mydomain.com and set your exim config to accept all mail locally for your domain. Great, so now you are happily filtering your mail for spam – but wait… some sneaky monkey decides to try sending spam directly to mail.mydomain.com, and your exim happily receives it, because exim isn’t aware of the DNS settings, and doesn’t know any better.
So, we need to tell exim NOT to accept any mail for mydomain.com UNLESS it is coming from, let’s say for the sake of argument, out.filtermail.com. Let’s say that out.filtermail.com has an IP address of 220.127.116.11.
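One way to express that restriction as an Exim recipient ACL, given as an added example rather than the configuration from the original article. The list names filtered_domains and filter_relays and the ACL name acl_check_rcpt are assumptions; the domain and IP address are the ones used above.

```exim
# Added example, not the original article's configuration.
# List names and the ACL name are assumptions.

# --- main configuration section ---

# Domains whose mail must arrive through the external filter
domainlist filtered_domains = mydomain.com

# Addresses the filter delivers from (out.filtermail.com in the text above).
# Any other host that must deliver directly has to be listed here too.
hostlist   filter_relays    = 220.127.116.11

# Run the ACL below for every RCPT TO command
acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:

  # Must sit above any "accept" that matches these domains: Exim stops
  # at the first statement that reaches a decision.
  # Both conditions must hold for the deny to fire:
  #   recipient domain is filtered AND sending host is not a filter relay.
  deny  message     = Mail for $domain is only accepted via its MX hosts
        log_message = direct delivery attempt bypassing filter relay
        domains     = +filtered_domains
        !hosts      = +filter_relays

  # ... the existing accept/deny statements follow unchanged ...
```

Running `exim -bh <address>` starts a simulated SMTP session as if from that address without delivering anything, so the rule can be checked once from 220.127.116.11 and once from an unlisted address.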