Reject incoming mail from external network (Internet)

saikit
My sendmail server has an Internet IP and accepts both Internal & External email for my domain.

My boss asked me to add some "Internal email accounts" that are only used by local network users; users on all other networks cannot send email to these accounts.

How can I make it possible?



Thanks for advice.
Commented:
I can't think of an easy way to do that at the sendmail level. And that's mostly because sendmail doesn't distinguish between mail arriving from a local source and mail arriving from an external source. To do what you want it would be necessary to say that mail from a local address and to the "private" account is allowed, but that mail from anywhere else to that account is not allowed. None of the access controls in sendmail operate on pairs so I don't see a way of doing this.

You could do it with procmail filters for those accounts. Or if you are using an anti-spam filter (MailScanner, MIMEdefang, etc) I believe it could be done there.
Hanno P.S., IT Consultant and Infrastructure Architect

Commented:
Maybe installing some small firewall to block packets coming from "outside your network destined for port 25"
Running Linux you could look for ipchains or iptables, on Solaris use SunScreen or some commercial products
like Check Point's Firewall-1 or VPN-1, having routers try blocking port 25 via access lists.

Commented:
You have a domain - let's call it 'yourdomain.com'
Do you mean that you need two groups of users:
 
One group (GOOD) has local email addresses they can use at 'someuser@yourdomain.com'. The other group (BAD) does not have any addresses they can use at 'yourdomain.com'.

Is this correct? Or am I completely misunderstanding your question?

Author

Commented:
All of them have their own email address at 'yourdomain.com', but some of them are not allowed to receive emails from the external network.
Commented:
Assuming you have procmail installed and it is your local MDA and they are using pop3 or imap

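cd /home/userwhogetsnooutsideemail
# Quote the heredoc delimiter so the shell writes the recipe exactly as typed
cat <<'EOF' > .procmailrc
# Discard any message whose From: header is not at yourdomain.com
:0
* !^From:.*@yourdomain\.com
/dev/null
EOF

# Root-owned and not writable by group or others
chown root:root .procmailrc
chmod 644 .procmailrc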
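
The pair check the first comment describes (sending network plus recipient), as an added example that is not part of the original thread: it decides on the client IP in the Received header stamped by the local MTA rather than on the From: header. The network ranges, the restricted mailbox, and the host name mail.yourdomain.com are assumptions, and the sample message is constructed.

```python
import email
import ipaddress
import re

# Assumed values for illustration; none of these come from the thread.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "127.0.0.0/8")]
RESTRICTED = {"internal-only@yourdomain.com"}
LOCAL_MTA = "mail.yourdomain.com"

# sendmail stamps "from HELO (rdns [client-ip]) by our-host ...". Tying the
# bracketed address to the following "by" skips a HELO given as "[a.b.c.d]".
RECEIVED_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)?\s+by\s+(\S+)")


def relay_ip(raw_message):
    """Return the IP that connected to LOCAL_MTA, or None if it cannot be trusted.

    Only the topmost Received header counts: our own MTA prepends it, while
    every header below it (and From:) is supplied by the sender.
    """
    received = email.message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    match = RECEIVED_RE.search(" ".join(received[0].split()))  # unfold header
    if not match or match.group(2).lower() != LOCAL_MTA:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None


def allow(raw_message, recipient):
    """Pair check: restricted recipients only accept mail relayed from inside."""
    if recipient.lower() not in RESTRICTED:
        return True
    ip = relay_ip(raw_message)
    return ip is not None and any(ip in net for net in INTERNAL_NETS)  # fail closed


def sample(client_ip, helo="relay"):
    """Constructed message: internal-looking From: plus a forged lower hop."""
    return (f"Received: from {helo} (relay [{client_ip}])\n"
            f"\tby {LOCAL_MTA} (8.13.1/8.13.1) with ESMTP id j01\n"
            f"Received: from pc1 (pc1 [192.168.1.20]) by {LOCAL_MTA} with ESMTP id j00\n"
            "From: boss@yourdomain.com\nTo: internal-only@yourdomain.com\n\nhello\n")
```

A message with no usable Received header from the local MTA is treated as external for restricted mailboxes.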
