zynkx wrote:
antony: the only reason why I am doing this is because I am blocking all incoming connections to my box except Portuguese connections. I managed to get all the Portuguese IP ranges, put the forward chain to drop and accepted all the sources I want to get connections from. This way I will only be accepting connections from Portugal, since the amount of users I administrate is not enough for that machine to be opened to the whole world. There are in fact lots of users expecting mail to come from those 2 most known smtps, so this forces me to accept connections from those domains :)) The way I see it, filtering with qmail doesn't make any sense, because what I want is not to filter but to accept :)))

It depends on your approach. Whether you let all the mail through iptables and filter at qmail, or filter at iptables and allow qmail to accept everything, the result is the same. The difference is that MTAs are specifically designed to allow filtering of mail in many different ways, including by smtp source.

The advantage qmail has over iptables is that it can filter by domain and resolve the IPs itself (I don't use qmail but I'm assuming it has the same features as other MTAs). That means that if you want to allow Yahoo.com, qmail can resolve that to *any* Yahoo.com mail address whereas iptables can only block the IPs you specify. If Yahoo goes out and gets assigned new IPs your way would block them. A qmail filter would resolve the IP based on the domain and let it through.

That's why I recommend the qmail solution.

Jeff
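The stale-allowlist problem raised in the reply can be checked for directly. The following is an added example, not part of either post: it reads port-25 ACCEPT rules from an iptables-save style listing and reports which of a provider's current sender addresses they no longer cover. The rules, host names and addresses are constructed (documentation ranges); in real use the resolved map would be filled from DNS lookups of the provider's sending hosts.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt; the ranges are documentation addresses.
SAMPLE_RULES = """\
:FORWARD DROP [0:0]
-A FORWARD -s 192.0.2.0/24 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -s 198.51.100.16/28 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -s 203.0.113.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
"""

# Constructed sender addresses, standing in for what a DNS lookup returns today.
SAMPLE_RESOLVED = {
    "mx1.mail.example": ["192.0.2.25"],
    "mx2.mail.example": ["198.51.100.20"],
    "mx3.mail.example": ["198.51.100.40"],  # newly assigned, outside the /28
}


def _arg(tokens, flag):
    """Value following `flag` in a rule, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None


def accepted_sources(rules_text, chain="FORWARD", dport="25"):
    """Source networks that `chain` ACCEPTs for the given destination port."""
    nets = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain]:
            continue  # policy lines, other chains, blank lines
        if _arg(tok, "-j") != "ACCEPT" or _arg(tok, "--dport") != dport:
            continue
        # A rule with no -s matches every source address.
        nets.append(ipaddress.ip_network(_arg(tok, "-s") or "0.0.0.0/0", strict=False))
    return nets


def stale_senders(rules_text, resolved):
    """Map each host to the addresses that no port-25 ACCEPT rule covers."""
    nets = accepted_sources(rules_text)
    dropped = {}
    for host, addrs in resolved.items():
        miss = [a for a in addrs if not any(ipaddress.ip_address(a) in n for n in nets)]
        if miss:
            dropped[host] = miss
    return dropped


if __name__ == "__main__":
    for host, addrs in stale_senders(SAMPLE_RULES, SAMPLE_RESOLVED).items():
        print(f"{host}: {', '.join(addrs)} not covered by any port-25 ACCEPT rule")
```

Run on a schedule against the live ruleset, a non-empty result means mail from that provider is being dropped until the allowlist is updated.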