not allow e-mail delivery to hosted sites on Internet interfaces

[wmchurch]

Ugh, not sure how to word that subject but here's what I'm trying to do.

I have a e-mail security gateway that takes care of spam, virus, whatever that I use to forward mail to my Plesk server and accept mail from Plesk to delivery in the outside world.

I want to now prevent anyone from sending mail to the domains on the plesk server on my Internet IPs, but allow it to be sent to those domains from localhost and from a DMZ IP Address (the mail gateway). The issue here is, plesk users still need to be able to SMTP to through the plesk box.

So, any way to only allow authenticated users (via poplock) to send mail through xinetd? I figured I'd create another Xinetd listener for the mail gateway to connect to plesk, that's not hard, just not sure how to tell Qmail to only allow poplock connections on the internet listener.

HELP!

Why do I want to do this?

Well, I've been running on this gateway for about 8 months now, and every now and then I get spam coming through the plesk server because people are connecting directly. No MX records exist for this box, yet people still do it (probably just guessing mail.domain.com I'm sure). So, if I can stop this I'll stop that leakage.

BTW, QMail and I don't get along.

Thanks,
Bill

 

[wmchurch]

Wow, 2 months and no one has a clue how to do this?

I hate to bring up Postfix again, but this would be a quick change to the config files.

I have the Qmail book, I've been all over the sites and I'm either completly dense or this is not possible, it can't be this hard can it?

I see a few other people needing this functionality as well.

To recap:

I want No one to be able to send mail to the SMTP process on the Internet IPs except users authenticated via poplock. (Can't figure this out)

I want specific IPs to send mail to the SMTP processes on the DMZ IPs (this is easy, and done with xinetd).