Date: Wed, 19 Jul 2006 13:24:46 +0100
From: Brian Candler
To: User Ernie
Cc: freebsd-isp@freebsd.org
Subject: Re: Whitelist-only email server

On Wed, Jul 19, 2006 at 04:57:16PM +1000, User Ernie wrote:
> Has anybody set up a whitelist-only email server on FreeBSD that rejects all
> emails except ones that are in the user's personal whitelist?

It's certainly doable in exim. In fact, using exim ACLs, you can reject at SMTP time: e.g.

    MAIL FROM:
    RCPT TO:
    550 user@example.com does not accept mail from foo@bar.com

This means you don't have to worry about generating bounces and hence generating 'collateral spam'.

The lookup for allowed recipients can be done anywhere you like - in a file (e.g. $HOME/.allowfrom), in a DBM file, or even in an LDAP or SQL database.

OTOH, it does depend on the sender's MTA generating valid envelope-sender addresses. Not all do, and also there are a number of envelope-sender-mangling schemes out there (e.g. SES, BATV) which you would have to decode to extract the sender address. All of this is possible though.

Have you considered, however, what you will do with bounces - i.e. MAIL FROM:<> ?

> I am trying to figure out how to do it, I know it's an anti-spam solution
> for advanced email users who understand the implications of what
> legitimate emails they might miss as a consequence.

The other approach is to do this post-delivery, using a filtering program of your choice (e.g. procmail) or MTA-embedded filtering (e.g. sieve in Exim).

However, if the filter then makes a decision to reject the mail, you will either blackhole it, move it into a 'Spam' folder (which is as good as blackholing), or send a fresh outgoing bounce (which is more than likely going to be collateral spam to an innocent third party).

Regards,

Brian.
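Added example, not part of the original message and not Exim configuration: a Python model of the RCPT-time decision described above, covering the per-user allowlist lookup, the null sender used by bounces, and stripping a BATV tag before the comparison. The function names, the `accept_bounces` switch, the bounce rejection text, the sample addresses and the assumed `prvs=KDDDSSSSSS=local@domain` tag layout are all assumptions made for illustration.

```python
import re

# Assumed BATV local-part layout: prvs=<key digit><3-digit day><6 hex>=<original local part>
PRVS = re.compile(r"^prvs=[0-9]{4}[0-9a-f]{6}=(.+)$")

def canonical_sender(mail_from):
    """Address to compare with the allowlist; '' means the null sender <>."""
    addr = mail_from.strip().strip("<>").lower()  # case-folding is a simplification
    local, at, domain = addr.rpartition("@")
    if not at:
        return addr  # '' for <>, or a bare unqualified name
    tagged = PRVS.match(local)
    if tagged:
        # The tag is only stripped, not verified: the signing key belongs to the sender's site.
        local = tagged.group(1)
    return local + "@" + domain

def load_allowlist(text):
    """One address per line; blank lines and '#' comments are skipped."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            entries.add(line)
    return entries

def rcpt_decision(mail_from, rcpt_to, allowlists, accept_bounces=True):
    """Return the (code, text) reply to RCPT TO for this envelope."""
    rcpt = rcpt_to.strip().strip("<>").lower()
    allowed = allowlists.get(rcpt)
    if allowed is None:
        return (250, "OK")  # recipient has not opted in to allowlist-only delivery
    sender = canonical_sender(mail_from)
    if sender == "":
        # Bounces (MAIL FROM:<>) can never be on an allowlist; this is a policy choice.
        if accept_bounces:
            return (250, "OK")
        return (550, rcpt + " does not accept bounces")
    if sender in allowed:
        return (250, "OK")
    return (550, rcpt + " does not accept mail from " + sender)

# Constructed sample data: one recipient with a one-entry allowlist.
ALLOWLISTS = {"user@example.com": load_allowlist("# constructed\nfriend@example.org\n")}

if __name__ == "__main__":
    for frm in ("<foo@bar.com>", "<prvs=0123abcdef=friend@example.org>", "<>"):
        print(frm, rcpt_decision(frm, "<user@example.com>", ALLOWLISTS))
```

Because the reply is given at RCPT time, the sending MTA is the one that reports the failure to its own user, so the receiving server never generates a bounce.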