Thanks very much Thomas, it worked a treat.
M
<p>Thanks very much Thomas, it worked a treat.</p><p>&nbsp;</p><p>M
</p>
Community Discussions and Support
Using ISP forwarders
Hello all,
I would like to set-up Pegasus to always use my ISP forwarders rather than delivering directly using DNS. I cannot find this option anywhere.
Is there some special way of setting this up?
Thanks,
Miguel
<p>Hello all,</p><p>&nbsp;</p><p>I would like to set-up Pegasus to always use my ISP forwarders rather than delivering directly using DNS. I cannot find this option anywhere.</p><p>&nbsp;</p><p>Is there some special way of setting this up?</p><p>&nbsp;</p><p>Thanks,</p><p>&nbsp;</p><p>Miguel
</p>
I assume that the ISP forwarder is specified as an MX host for yuor domain and if so you can use the MercuryS ALLOW and REFUSE to allow the IP address of the MX host(s) and then refuse IP addresses 0.0.0.1 to 255.255.255.255 to reject all others. Now only one IP address can connect, the others will be rejected and and fallback to the MX host.
FWIW, this means you cannot use any of the MercuryS rejections, blacklisting, greywall, or short term blacklisting since this would block all mail to your system.
Connection control
The Connection Control section allows you to place restrictions on the hosts from which MercuryS will accept connections, and to configure certain capabilities, such as relaying, based on the address of the connected host. A connection control entry can apply to a single address, or to a range of addresses. To add an entry to the list, click the Add restriction button; if you wish to create a restriction for a single address, enter that address in the "From" (left-hand) address field in normal dotted IP notation. To create a restriction for a range of addresses, enter the lowest address in the range you want to restrict in the "From" field, and the highest address you want to restrict in the "To" field. The addresses are inclusive, so both the addresses you enter are considered part of the range.
If you check the Refuse connections radio control, Mercury will not accept incoming connections from this address. Use this to suppress sites that are abusive or have been hijacked by spammers.
If you check the Connections may relay through this server control, Mercury will use this as part of the process it applies to determine whether or not a specific connection can relay mail (see below).
If you check the Connections are exempt from transaction filtering control, Mercury will not apply any transaction-level filtering expressions you might have created to filter the commands supplied by connected clients; this is particularly useful, or even essential if you have local workstations running clients like Pegasus Mail or Eudora that need relaying facilities via your server.
If you check the Autoenable session logging for connections from this address range control, Mercury will automatically turn on session logging for any connection coming from the specified range of addresses. Session logs collect a complete transcript of the entire exchange between the client and MercuryS, and can be extremely useful in diagnosing problems and for evidentiary purposes. Remember when using this option that session logs are at least as large as all the data exchanged in the session, and they can chew through space at considerable speed - use them carefully.
To edit a connection control entry, highlight it in the list, then click the Change selection button.
How Mercury applies connection control entries
The list of connection control entries you create can contain entries that overlap (i.e, entries that refer to addresses also covered by other entries). In the case of overlapping entries, Mercury uses the following method to select the entry it should use for any given address: if there is an entry that refers to the address on its own (not as part of a range), then Mercury will automatically use that entry; otherwise, it looks for the range that most closely encompasses the address and uses that.
Example: You have a Refuse entry covering the range from 198.2.5.1 to 198.2.5.128, and an Allow entry covering the range from 198.2.5.10 to 198.2.5.20: if a machine with the address 198.2.5.12 connects to Mercury, it will select the Allow entry to cover the connection, because the allow entry most tightly encompasses the connecting address (the range covers 11 addresses, where the Refuse entry's range covers 128 addresses).
.
<p>I assume that the ISP forwarder is specified as an MX host for yuor domain and if so you can use the MercuryS ALLOW and REFUSE to allow the IP address of the MX host(s) and then refuse IP addresses 0.0.0.1 to 255.255.255.255 to reject all others.&nbsp; Now only one IP address can connect, the others will be rejected and and fallback to the MX host.&nbsp; </p><p>FWIW, this means you cannot use any of the MercuryS rejections, blacklisting, greywall, or short term blacklisting since this would block all mail to your system.
</p><p><i><b>Connection control</b></i>
The Connection Control section allows you to place restrictions on the hosts from which MercuryS will accept connections, and to configure certain capabilities, such as relaying, based on the address of the connected host. A connection control entry can apply to a single address, or to a range of addresses. To add an entry to the list, click the Add restriction button; if you wish to create a restriction for a single address, enter that address in the "From" (left-hand) address field in normal dotted IP notation. To create a restriction for a range of addresses, enter the lowest address in the range you want to restrict in the "From" field, and the highest address you want to restrict in the "To" field. The addresses are inclusive, so both the addresses you enter are considered part of the range.
If you check the Refuse connections radio control, Mercury will not accept incoming connections from this address. Use this to suppress sites that are abusive or have been hijacked by spammers.
If you check the Connections may relay through this server control, Mercury will use this as part of the process it applies to determine whether or not a specific connection can relay mail (see below).
If you check the Connections are exempt from transaction filtering control, Mercury will not apply any transaction-level filtering expressions you might have created to filter the commands supplied by connected clients; this is particularly useful, or even essential if you have local workstations running clients like Pegasus Mail or Eudora that need relaying facilities via your server.
If you check the Autoenable session logging for connections from this address range control, Mercury will automatically turn on session logging for any connection coming from the specified range of addresses. Session logs collect a complete transcript of the entire exchange between the client and MercuryS, and can be extremely useful in diagnosing problems and for evidentiary purposes. Remember when using this option that session logs are at least as large as all the data exchanged in the session, and they can chew through space at considerable speed - use them carefully.
To edit a connection control entry, highlight it in the list, then click the Change selection button.
How Mercury applies connection control entries
The list of connection control entries you create can contain entries that overlap (i.e, entries that refer to addresses also covered by other entries). In the case of overlapping entries, Mercury uses the following method to select the entry it should use for any given address: if there is an entry that refers to the address on its own (not as part of a range), then Mercury will automatically use that entry; otherwise, it looks for the range that most closely encompasses the address and uses that.
Example: You have a Refuse entry covering the range from 198.2.5.1 to 198.2.5.128, and an Allow entry covering the range from 198.2.5.10 to 198.2.5.20: if a machine with the address 198.2.5.12 connects to Mercury, it will select the Allow entry to cover the connection, because the allow entry most tightly encompasses the connecting address (the range covers 11 addresses, where the Refuse entry's range covers 128 addresses).
&nbsp;</p><p>&nbsp;</p><p>.</p><p>&nbsp;</p>
Hi Thomas, and thanks for your quick reply.
Unfortunately I think I didn't explain myself correctly - I even mentioned Pegasus, when I meant Mercury...
What I meant to say was, only use the forwarders at my ISP for any outbound e-mail that my Mercury is going to deliver.
Going further into why, I have an external firewall outside of my control that only allows outbound connections for SMTP or TLS connections to my ISPs forwarders, and these are configured to accept e-mail from my machine for relaying.
Is there a way to chieve that in Mercury?
Thanks,
Miguel
<p>Hi Thomas, and thanks for your quick reply.</p><p>&nbsp;</p><p>Unfortunately I think I didn't explain myself correctly - I even mentioned Pegasus, when I meant Mercury... </p><p>&nbsp;</p><p>What I meant to say was, only use the forwarders at my ISP for any outbound e-mail that my Mercury is going to deliver.</p><p>&nbsp;</p><p>Going further into why, I have an external firewall outside of my control that only allows outbound connections for SMTP or TLS connections to my ISPs forwarders, and these are configured to accept e-mail from my machine for relaying.</p><p>&nbsp;</p><p>Is there a way to chieve that in Mercury?</p><p>&nbsp;</p><p>Thanks,</p><p>&nbsp;</p><p>Miguel
</p>
What I meant to say was, only use the forwarders at my ISP for any outbound e-mail that my Mercury is going to deliver.
Going
further into why, I have an external firewall outside of my control
that only allows outbound connections for SMTP or TLS connections to my
ISPs forwarders, and these are configured to accept e-mail from my
machine for relaying.
Is there a way to chieve that in Mercury?
Yep, change from MercuryE to MercuryC. MercuryC will use your ISP SMTP host as a relay host just like you would with an e-mail client. Use Configuration | Protocols to switch from MercuryE to MercuryC and then re-boot Mercury to implement the change. The MercuryC configuration is fairly straightforward and can also use SSL/TLS and ESMTP authentication if required. Make sure you are running Mercury/32 v4.62 to get all the bells and whistles in MercuryC.
<blockquote><p>What I meant to say was, only use the forwarders at my ISP for any outbound e-mail that my Mercury is going to deliver.</p><p>Going
further into why, I have an external firewall outside of my control
that only allows outbound connections for SMTP or TLS connections to my
ISPs forwarders, and these are configured to accept e-mail from my
machine for relaying.</p><p>Is there a way to chieve that in Mercury?</p></blockquote><p>Yep, change from MercuryE to MercuryC.&nbsp; MercuryC will use your ISP SMTP host as a relay host just like you would with an e-mail client.&nbsp; Use Configuration | Protocols to switch from MercuryE to MercuryC and then re-boot Mercury to implement the change.&nbsp; The MercuryC configuration is fairly straightforward and can also use SSL/TLS and ESMTP authentication if required. Make sure you are running Mercury/32 v4.62 to get all the bells and whistles in MercuryC.
</p><p>&nbsp;</p>
This topic is closed
With selected
deselect posts
show selected posts
All posts under this topic will be deleted ?