Whitelist-only email server

Brian Candler B.Candler at pobox.com
Wed Jul 19 12:24:53 UTC 2006


On Wed, Jul 19, 2006 at 04:57:16PM +1000, User Ernie wrote:
> Has anybody set up a whitelist-only email server on FreeBSD that rejects all
> emails except ones that are in the user's personal whitelist?

It's certainly doable in exim. In fact, using exim ACLs, you can reject at
SMTP time: e.g.

MAIL FROM:<foo at bar.com>
RCPT TO:<user at example.com>
550 user at example.com does not accept mail from foo at bar.com

This means you don't have to worry about generating bounces and hence
generating 'collateral spam'. The lookup for allowed recipients can be done
anywhere you like - in a file (e.g. $HOME/.allowfrom), in a DBM file, or
even in an LDAP or SQL database.

OTOH, it does depend on the sender's MTA generating valid envelope-sender
addresses. Not all do, and also there are a number of
envelope-sender-mangling schemes out there (e.g. SES, BATV) which you would
have to decode to extract the sender address. All of this is possible
though.

Have you considered, however, what you will do with bounces - i.e. MAIL
FROM:<> ?

> I am trying to figure out how to do it, I know it's an anti-spam solution 
> for advanced email users who understand the implications of what
> legitimate emails they might miss as a consequence.

The other approach is to do this post-delivery, using a filtering program of
your choice (e.g. procmail) or MTA-embedded filtering (e.g. sieve in Exim).
However, if the filter then makes a decision to reject the mail, you will
either blackhole it, move it into a 'Spam' folder (which is as good as
blackholing), or send a fresh outgoing bounce (which is more than likely
going to be collateral spam to an innocent third party).

Regards,

Brian.
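
The RCPT-time decision described in this message, sketched in Python as an added example (not code from the post, and not Exim configuration). The function names, the allowlist file format (one address or `@domain` per line, `#` comments) and the default of accepting the null sender are assumptions; only the BATV draft's `prvs=KDDDSSSSSS=` form is decoded, and SES is not handled.

```python
import re

# BATV "prvs" local part as in the BATV draft: prvs=KDDDSSSSSS=local-part
# (K = key digit, DDD = day stamp, SSSSSS = hex signature). Assumed format.
_PRVS = re.compile(r"^prvs=[0-9][0-9]{3}[0-9a-f]{6}=(.+)$", re.IGNORECASE)

ALLOWFROM_SAMPLE = "# constructed sample allowlist\nfoo@bar.com\n@example.org\n"

def normalize_sender(envelope_sender):
    """Return the address to compare, or '' for the null sender <>."""
    addr = envelope_sender.strip().strip("<>").strip()
    if not addr:
        return ""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("invalid envelope sender: %r" % envelope_sender)
    m = _PRVS.match(local)
    if m:                      # undo BATV mangling to recover the real sender
        local = m.group(1)
    return (local + "@" + domain).lower()

def parse_allowfrom(text):
    """Parse allowlist text into a set of lowercased entries."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            entries.add(line)
    return entries

def rcpt_decision(envelope_sender, rcpt, allowed, accept_bounces=True):
    """Return (SMTP code, text) for one RCPT TO, decided at SMTP time."""
    try:
        sender = normalize_sender(envelope_sender)
    except ValueError:
        return (550, "%s does not accept mail from an invalid sender" % rcpt)
    if sender == "":
        # MAIL FROM:<> is a bounce; it can never match an allowlist entry,
        # so it needs an explicit policy of its own.
        if accept_bounces:
            return (250, "OK")
        return (550, "%s does not accept bounces" % rcpt)
    if sender in allowed or "@" + sender.rpartition("@")[2] in allowed:
        return (250, "OK")
    return (550, "%s does not accept mail from %s" % (rcpt, sender))
```
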


More information about the freebsd-isp mailing list