grpadmin Absent Member.
Absent Member.
2203 views

Denying incoming mail through one GWIA

I have 3 gwia with mx records and reverse dns configured, but would not want e-mails to get in through one of the Gwia but just for sending outgoing mail. If from the Giwa properties-->Access control, I use the option "prevent incoming mails", will that be ok ? And any mails trying to use this Gwia will they be rejected completely or routed to the other two Giwa's ?
Labels (2)
0 Likes
12 Replies
Anonymous_User Absent Member.
Absent Member.

Antw: Denying incoming mail through one GWIA

Hi,

place a firewall in front of the gwia and block port 25 incoming.

Walter


>>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag, 26.

Dezember
2008 um 13:36 in Nachricht <grpadmin.3l101z@no-mx.forums.novell.com>:

> I have 3 gwia with mx records and reverse dns configured, but would not
> want e-mails to get in through one of the Gwia but just for sending
> outgoing mail. If from the Giwa properties-->Access control, I use the
> option "prevent incoming mails", will that be ok ? And any mails trying
> to use this Gwia will they be rejected completely or routed to the other
> two Giwa's ?

0 Likes
grpadmin Absent Member.
Absent Member.

Re: Antw: Denying incoming mail through one GWIA

The way I did it, was it the wrong way ?
And the best way would be to block port 25 on the fire wall ?

And If someone claims that messages are not reaching our domain because that he cannot get a reply from that particular mx record when he does a query, would it be enough to tell him that e-mail systems work by trying all the possible mx records ?

Walter Hofstädtler;1706793 wrote:
Hi,

place a firewall in front of the gwia and block port 25 incoming.

Walter


>>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag, 26.

Dezember
2008 um 13:36 in Nachricht <grpadmin.3l101z@no-mx.forums.novell.com>:

> I have 3 gwia with mx records and reverse dns configured, but would not
> want e-mails to get in through one of the Gwia but just for sending
> outgoing mail. If from the Giwa properties-->Access control, I use the
> option "prevent incoming mails", will that be ok ? And any mails trying
> to use this Gwia will they be rejected completely or routed to the other
> two Giwa's ?
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Denying incoming mail through one GWIA

grpadmin wrote:

>
> The way I did it, was it the wrong way ?
> And the best way would be to block port 25 on the fire wall ?
>
> And If someone claims that messages are not reaching our domain because
> that he cannot get a reply from that particular mx record when he does a
> query, would it be enough to tell him that e-mail systems work by trying
> all the possible mx records ?
>
> Walter Hofstädtler;1706793 Wrote:
>> Hi,
>>
>> place a firewall in front of the gwia and block port 25 incoming.
>>
>> Walter
>>
>>
>> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag, 26.

>> Dezember
>> 2008 um 13:36 in Nachricht <grpadmin.3l101z@no-mx.forums.novell.com>:
>>
>> > I have 3 gwia with mx records and reverse dns configured, but would

>> not
>> > want e-mails to get in through one of the Gwia but just for sending
>> > outgoing mail. If from the Giwa properties-->Access control, I use

>> the
>> > option "prevent incoming mails", will that be ok ? And any mails

>> trying
>> > to use this Gwia will they be rejected completely or routed to the

>> other
>> > two Giwa's ?

>
>



There is another way I have done. If you change the smtp port to such as
2525 in the services file it will not listen anymore for incoming because
nothing is going to hit 2525. It will still send on 25.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Antw: Re: Denying incoming mail through one GWIA

Hi,

denying via "Giwa properties-->Access control" IIRR respond with errors like
"No such recipient"
an the sender will not deliver to any other GWIA of curse.

A Firewall or a different port as Rick stated is the better solution.

Walter




>>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag, 26.

Dezember
2008 um 15:26 in Nachricht <grpadmin.3l155c@no-mx.forums.novell.com>:

> The way I did it, was it the wrong way ?
> And the best way would be to block port 25 on the fire wall ?
>
> And If someone claims that messages are not reaching our domain because
> that he cannot get a reply from that particular mx record when he does a
> query, would it be enough to tell him that e-mail systems work by trying
> all the possible mx records ?
>
> Walter Hofstädtler;1706793 Wrote:
>> Hi,
>>
>> place a firewall in front of the gwia and block port 25 incoming.
>>
>> Walter
>>
>>
>> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag, 26.

>> Dezember
>> 2008 um 13:36 in Nachricht <grpadmin.3l101z@no-mx.forums.novell.com>:
>>
>> > I have 3 gwia with mx records and reverse dns configured, but would

>> not
>> > want e-mails to get in through one of the Gwia but just for sending
>> > outgoing mail. If from the Giwa properties-->Access control, I use

>> the
>> > option "prevent incoming mails", will that be ok ? And any mails

>> trying
>> > to use this Gwia will they be rejected completely or routed to the

>> other
>> > two Giwa's ?

0 Likes
grpadmin Absent Member.
Absent Member.

Re: Antw: Re: Denying incoming mail through one GWIA

Thanks for the reply


Walter Hofstädtler;1706840 wrote:
Hi,

denying via "Giwa properties-->Access control" IIRR respond with errors like
"No such recipient"
an the sender will not deliver to any other GWIA of curse.

A Firewall or a different port as Rick stated is the better solution.

Walter




>>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag, 26.

Dezember
2008 um 15:26 in Nachricht <grpadmin.3l155c@no-mx.forums.novell.com>:

> The way I did it, was it the wrong way ?
> And the best way would be to block port 25 on the fire wall ?
>
> And If someone claims that messages are not reaching our domain because
> that he cannot get a reply from that particular mx record when he does a
> query, would it be enough to tell him that e-mail systems work by trying
> all the possible mx records ?
>
> Walter Hofstädtler;1706793 Wrote:
>> Hi,
>>
>> place a firewall in front of the gwia and block port 25 incoming.
>>
>> Walter
>>
>>
>> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag, 26.

>> Dezember
>> 2008 um 13:36 in Nachricht <grpadmin.3l101z@no-mx.forums.novell.com>:
>>
>> > I have 3 gwia with mx records and reverse dns configured, but would

>> not
>> > want e-mails to get in through one of the Gwia but just for sending
>> > outgoing mail. If from the Giwa properties-->Access control, I use

>> the
>> > option "prevent incoming mails", will that be ok ? And any mails

>> trying
>> > to use this Gwia will they be rejected completely or routed to the

>> other
>> > two Giwa's ?
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Denying incoming mail through one GWIA

And don't have an MX record to this GWIA.

>>> On 12/29/08 at 12:46 AM, grpadmin<grpadmin@no-mx.forums.novell.com>

wrote:
> Thanks for the reply
>
>
> Walter Hofstädtler;1706840 Wrote: > Hi,
>>
>> denying via "Giwa properties-->Access control" IIRR respond with errors>


> like
>> "No such recipient"
>> an the sender will not deliver to any other GWIA of curse.
>>
>> A Firewall or a different port as Rick stated is the better solution.
>>
>> Walter
>>
>>
>>
>>
>> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag, 26.

>> Dezember
>> 2008 um 15:26 in Nachricht <grpadmin.3l155c@no-mx.forums.novell.com>:
>>
>> > The way I did it, was it the wrong way ?
>> > And the best way would be to block port 25 on the fire wall ?
>> >
>> > And If someone claims that messages are not reaching our domain>

because
>> > that he cannot get a reply from that particular mx record when he> does


> a
>> > query, would it be enough to tell him that e-mail systems work by>

trying
>> > all the possible mx records ?
>> >
>> > Walter Hofstädtler;1706793 Wrote:
>> >> Hi,
>> >>
>> >> place a firewall in front of the gwia and block port 25 incoming.
>> >>
>> >> Walter
>> >>
>> >>
>> >> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag,>

26.
>> >> Dezember
>> >> 2008 um 13:36 in Nachricht>

<grpadmin.3l101z@no-mx.forums.novell.com>:
>> >>
>> >> > I have 3 gwia with mx records and reverse dns configured, but>

would
>> >> not
>> >> > want e-mails to get in through one of the Gwia but just for>

sending
>> >> > outgoing mail. If from the Giwa properties-->Access control, I> use
>> >> the
>> >> > option "prevent incoming mails", will that be ok ? And any mails
>> >> trying
>> >> > to use this Gwia will they be rejected completely or routed to> the
>> >> other
>> >> > two Giwa's ?--

grpadmin--------------------------------------------------------------------
----grpadmin's Profile:
> http://forums.novell.com/member.php?userid=1798View this thread:
> http://forums.novell.com/showthread.php?t=355281

0 Likes
grpadmin Absent Member.
Absent Member.

Re: Denying incoming mail through one GWIA

But if I don't have an MX on this record, I think some domains might not accept mails sent from this GWIA as they check for reverse DNS, not so ?
B'se I just use it for sending outbound mail.

avery_larry;1707440 wrote:
And don't have an MX record to this GWIA.

>>> On 12/29/08 at 12:46 AM, grpadmin<grpadmin@no-mx.forums.novell.com>

wrote:
> Thanks for the reply
>
>
> Walter Hofstädtler;1706840 Wrote: > Hi,
>>
>> denying via "Giwa properties-->Access control" IIRR respond with errors>


> like
>> "No such recipient"
>> an the sender will not deliver to any other GWIA of curse.
>>
>> A Firewall or a different port as Rick stated is the better solution.
>>
>> Walter
>>
>>
>>
>>
>> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag, 26.

>> Dezember
>> 2008 um 15:26 in Nachricht <grpadmin.3l155c@no-mx.forums.novell.com>:
>>
>> > The way I did it, was it the wrong way ?
>> > And the best way would be to block port 25 on the fire wall ?
>> >
>> > And If someone claims that messages are not reaching our domain>

because
>> > that he cannot get a reply from that particular mx record when he> does


> a
>> > query, would it be enough to tell him that e-mail systems work by>

trying
>> > all the possible mx records ?
>> >
>> > Walter Hofstädtler;1706793 Wrote:
>> >> Hi,
>> >>
>> >> place a firewall in front of the gwia and block port 25 incoming.
>> >>
>> >> Walter
>> >>
>> >>
>> >> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag,>

26.
>> >> Dezember
>> >> 2008 um 13:36 in Nachricht>

<grpadmin.3l101z@no-mx.forums.novell.com>:
>> >>
>> >> > I have 3 gwia with mx records and reverse dns configured, but>

would
>> >> not
>> >> > want e-mails to get in through one of the Gwia but just for>

sending
>> >> > outgoing mail. If from the Giwa properties-->Access control, I> use
>> >> the
>> >> > option "prevent incoming mails", will that be ok ? And any mails
>> >> trying
>> >> > to use this Gwia will they be rejected completely or routed to> the
>> >> other
>> >> > two Giwa's ?--

grpadmin--------------------------------------------------------------------
----grpadmin's Profile:
> NOVELL FORUMS - View Profile: a10425 this thread:
> Denying incoming mail through one GWIA - NOVELL FORUMS
0 Likes
Anonymous_User Absent Member.
Absent Member.

Antw: Re: Denying incoming mail through one GWIA

Hi,

I run a similar configuration:

the MX record points to a spam filter (Debian box) and the GWIA send all
outgoing mails.

My records are:

MX: smtp.hofxxxxxx.com ; my MX record
A: smtp.hofxxxxxx.com - IP ; spam filter -
incoming
A: mail.hofxxxxxx.com - IP ; gwia - outgoing


TXT: hofxxxxxx.com - v=spf1 mx a:mail.hofxxxxxx.com -all ; a SPF
record - stops some spamers
TXT: smtp.hofxxxxxx.com - v=spf1 a -all ; second SPF
record

The SPF records are optional but stops some spamers.

Both A records have an PTR record (reverse lookup).


Walter



>>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Montag, 05.

Januar
2009 um 08:56 in Nachricht <grpadmin.3lj5rb@no-mx.forums.novell.com>:

> But if I don't have an MX on this record, I think some domains might not
> accept mails sent from this GWIA as they check for reverse DNS, not so
> ?
> B'se I just use it for sending outbound mail.
>
> avery_larry;1707440 Wrote:
>> And don't have an MX record to this GWIA.
>>
>> >>> On 12/29/08 at 12:46 AM,

>> grpadmin<grpadmin@no-mx.forums.novell.com>
>> wrote:
>> > Thanks for the reply
>> >
>> >
>> > Walter Hofstädtler;1706840 Wrote: > Hi,
>> >>
>> >> denying via "Giwa properties-->Access control" IIRR respond with

>> errors>
>>
>> > like
>> >> "No such recipient"
>> >> an the sender will not deliver to any other GWIA of curse.
>> >>
>> >> A Firewall or a different port as Rick stated is the better

>> solution.
>> >>
>> >> Walter
>> >>
>> >>
>> >>
>> >>
>> >> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag,

>> 26.
>> >> Dezember
>> >> 2008 um 15:26 in Nachricht

>> <grpadmin.3l155c@no-mx.forums.novell.com>:
>> >>
>> >> > The way I did it, was it the wrong way ?
>> >> > And the best way would be to block port 25 on the fire wall ?
>> >> >
>> >> > And If someone claims that messages are not reaching our domain>

>> because
>> >> > that he cannot get a reply from that particular mx record when he>

>> does
>>
>> > a
>> >> > query, would it be enough to tell him that e-mail systems work

>> by>
>> trying
>> >> > all the possible mx records ?
>> >> >
>> >> > Walter Hofstädtler;1706793 Wrote:
>> >> >> Hi,
>> >> >>
>> >> >> place a firewall in front of the gwia and block port 25

>> incoming.
>> >> >>
>> >> >> Walter
>> >> >>
>> >> >>
>> >> >> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am

>> Freitag,>
>> 26.
>> >> >> Dezember
>> >> >> 2008 um 13:36 in Nachricht>

>> <grpadmin.3l101z@no-mx.forums.novell.com>:
>> >> >>
>> >> >> > I have 3 gwia with mx records and reverse dns configured, but>

>> would
>> >> >> not
>> >> >> > want e-mails to get in through one of the Gwia but just for>

>> sending
>> >> >> > outgoing mail. If from the Giwa properties-->Access control, I>

>> use
>> >> >> the
>> >> >> > option "prevent incoming mails", will that be ok ? And any

>> mails
>> >> >> trying
>> >> >> > to use this Gwia will they be rejected completely or routed to>

>> the
>> >> >> other
>> >> >> > two Giwa's ?--

>>

grpadmin--------------------------------------------------------------------

>> ----grpadmin's Profile:
>> > 'NOVELL FORUMS - View Profile: a10425'

>> (http://forums.novell.com/member.php?userid=1798View) this thread:
>> > 'Denying incoming mail through one GWIA - NOVELL FORUMS'

>> (http://forums.novell.com/showthread.php?t=355281)

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Denying incoming mail through one GWIA

>>> On 01/05/09 at 1:56 AM, grpadmin<grpadmin@no-mx.forums.novell.com>
wrote:
> But if I don't have an MX on this record, I think some domains might
> notaccept mails sent from this GWIA as they check for reverse DNS, not
> so?


No so. You do NOT need an MX record on a box that sends out email. Nobody
checks that as an anti-spam measure.

Ted


> B'se I just use it for sending outbound mail.
>
> avery_larry;1707440 Wrote: > And don't have an MX record to this GWIA.
>>
>> >>> On 12/29/08 at 12:46 AM,> grpadmin<grpadmin@no-mx.forums.novell.com>

>> wrote:
>> > Thanks for the reply
>> >
>> >
>> > Walter Hofstädtler;1706840 Wrote: > Hi,
>> >>
>> >> denying via "Giwa properties-->Access control" IIRR respond with>

errors>
>>
>> > like
>> >> "No such recipient"
>> >> an the sender will not deliver to any other GWIA of curse.
>> >>
>> >> A Firewall or a different port as Rick stated is the better>

solution.
>> >>
>> >> Walter
>> >>
>> >>
>> >>
>> >>
>> >> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag,>

26.
>> >> Dezember
>> >> 2008 um 15:26 in Nachricht>

<grpadmin.3l155c@no-mx.forums.novell.com>:
>> >>
>> >> > The way I did it, was it the wrong way ?
>> >> > And the best way would be to block port 25 on the fire wall ?
>> >> >
>> >> > And If someone claims that messages are not reaching our domain>

>> because
>> >> > that he cannot get a reply from that particular mx record when he>>

does
>>
>> > a
>> >> > query, would it be enough to tell him that e-mail systems work> by>

>> trying
>> >> > all the possible mx records ?
>> >> >
>> >> > Walter Hofstädtler;1706793 Wrote:
>> >> >> Hi,
>> >> >>
>> >> >> place a firewall in front of the gwia and block port 25> incoming.
>> >> >>
>> >> >> Walter
>> >> >>
>> >> >>
>> >> >> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am>

Freitag,>
>> 26.
>> >> >> Dezember
>> >> >> 2008 um 13:36 in Nachricht>

>> <grpadmin.3l101z@no-mx.forums.novell.com>:
>> >> >>
>> >> >> > I have 3 gwia with mx records and reverse dns configured, but>

>> would
>> >> >> not
>> >> >> > want e-mails to get in through one of the Gwia but just for>

>> sending
>> >> >> > outgoing mail. If from the Giwa properties-->Access control, I>>

use
>> >> >> the
>> >> >> > option "prevent incoming mails", will that be ok ? And any>

mails
>> >> >> trying
>> >> >> > to use this Gwia will they be rejected completely or routed to>>

the
>> >> >> other
>> >> >> > two Giwa's ?--

>>

grpadmin--------------------------------------------------------------------

>> ----grpadmin's Profile:
>> > 'NOVELL FORUMS - View Profile: a10425'>

> (http://forums.novell.com/member.php?userid=1798View) this thread:
>> > 'Denying incoming mail through one GWIA - NOVELL FORUMS'>

> (http://forums.novell.com/showthread.php?t=355281)--

grpadmin--------------------------------------------------------------------
----grpadmin's
> Profile: http://forums.novell.com/member.php?userid=1798View this thread:


> http://forums.novell.com/showthread.php?t=355281

0 Likes
grpadmin Absent Member.
Absent Member.

Re: Denying incoming mail through one GWIA

some check, I had experience with that, some few domains were not accepting mails from my domain until I put a reverse dns.

avery_larry;1709578 wrote:
>>> On 01/05/09 at 1:56 AM, grpadmin<grpadmin@no-mx.forums.novell.com>
wrote:
> But if I don't have an MX on this record, I think some domains might
> notaccept mails sent from this GWIA as they check for reverse DNS, not
> so?


No so. You do NOT need an MX record on a box that sends out email. Nobody
checks that as an anti-spam measure.

Ted


> B'se I just use it for sending outbound mail.
>
> avery_larry;1707440 Wrote: > And don't have an MX record to this GWIA.
>>
>> >>> On 12/29/08 at 12:46 AM,> grpadmin<grpadmin@no-mx.forums.novell.com>

>> wrote:
>> > Thanks for the reply
>> >
>> >
>> > Walter Hofstädtler;1706840 Wrote: > Hi,
>> >>
>> >> denying via "Giwa properties-->Access control" IIRR respond with>

errors>
>>
>> > like
>> >> "No such recipient"
>> >> an the sender will not deliver to any other GWIA of curse.
>> >>
>> >> A Firewall or a different port as Rick stated is the better>

solution.
>> >>
>> >> Walter
>> >>
>> >>
>> >>
>> >>
>> >> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am Freitag,>

26.
>> >> Dezember
>> >> 2008 um 15:26 in Nachricht>

<grpadmin.3l155c@no-mx.forums.novell.com>:
>> >>
>> >> > The way I did it, was it the wrong way ?
>> >> > And the best way would be to block port 25 on the fire wall ?
>> >> >
>> >> > And If someone claims that messages are not reaching our domain>

>> because
>> >> > that he cannot get a reply from that particular mx record when he>>

does
>>
>> > a
>> >> > query, would it be enough to tell him that e-mail systems work> by>

>> trying
>> >> > all the possible mx records ?
>> >> >
>> >> > Walter Hofstädtler;1706793 Wrote:
>> >> >> Hi,
>> >> >>
>> >> >> place a firewall in front of the gwia and block port 25> incoming.
>> >> >>
>> >> >> Walter
>> >> >>
>> >> >>
>> >> >> >>> grpadmin<grpadmin@no-mx.forums.novell.com> schrieb am>

Freitag,>
>> 26.
>> >> >> Dezember
>> >> >> 2008 um 13:36 in Nachricht>

>> <grpadmin.3l101z@no-mx.forums.novell.com>:
>> >> >>
>> >> >> > I have 3 gwia with mx records and reverse dns configured, but>

>> would
>> >> >> not
>> >> >> > want e-mails to get in through one of the Gwia but just for>

>> sending
>> >> >> > outgoing mail. If from the Giwa properties-->Access control, I>>

use
>> >> >> the
>> >> >> > option "prevent incoming mails", will that be ok ? And any>

mails
>> >> >> trying
>> >> >> > to use this Gwia will they be rejected completely or routed to>>

the
>> >> >> other
>> >> >> > two Giwa's ?--

>>

grpadmin--------------------------------------------------------------------

>> ----grpadmin's Profile:
>> > 'NOVELL FORUMS - View Profile: a10425'>

> (NOVELL FORUMS - View Profile: a10425) this thread:
>> > 'Denying incoming mail through one GWIA - NOVELL FORUMS'>

> (Denying incoming mail through one GWIA - NOVELL FORUMS

grpadmin--------------------------------------------------------------------
----grpadmin's
> Profile: NOVELL FORUMS - View Profile: a10425 this thread:


> Denying incoming mail through one GWIA - NOVELL FORUMS
0 Likes
Knowledge Partner
Knowledge Partner

Re: Denying incoming mail through one GWIA

Hi,

grpadmin wrote:
>
> some check, I had experience with that, some few domains were not
> accepting mails from my domain until I put a reverse dns.


Definitely, but reverse DNS wasnt the topic. It was MX records, and
*nobody* checks if the sending server also has a MX, that would fail
miserably.

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
pokello Absent Member.
Absent Member.

Re: Denying incoming mail through one GWIA

Oh yes, sorry to confuse the two, thanks


mrosen;1710701 wrote:
Hi,

grpadmin wrote:
>
> some check, I had experience with that, some few domains were not
> accepting mails from my domain until I put a reverse dns.


Definitely, but reverse DNS wasnt the topic. It was MX records, and
*nobody* checks if the sending server also has a MX, that would fail
miserably.

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
Untitled Document
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.