>>b) how do I determine the source IP address of those domains
>Email can come from anywhere, via multiple routes that do not
> have any direct relation with the sending domain.

I thought if I entered the domain name, say dsta.gov.sg, into www.mxtoolbox.com, it would list out all the SMTP/mail servers from that domain & I would be able to permit TCP 25 on my firewall to let those mail servers access my SMTP server. OK, now I understand it doesn't work this way because even if the emails come from dsta.gov.sg, it may be a non-DSTA email server that needs a TCP 25 connection to my mail server, is this right?

>it is the sending DOMAIN you wish to accept mail

Yes, that's right, I just wish to receive emails from those 6 domains only. I'm going to run Dovecot on my Postfix server as well, so I guess the firewall has to permit POP3 (TCP 110) from selected (or rather restricted) POP3 clients that I have out there - guess this makes sense?

> is the "risk" of accepting forged sender addresses in the
> allowed domains tolerable

Certainly not tolerable. I suppose you meant spoofed emails: so if I permit SMTP from those authorized domains' email gateways (as obtained from www.mxtoolbox.com), does it protect me from forged or spoofed emails? (spoofed = someone who does not have a mailbox in, say, dsta.gov.sg sending me emails with address x...@dsta.gov.sg)

Thanks
U