Is it possible to create a firewall alias that is based on the IPs from the MX records of the domain I set?
I want to block just the mail servers of a few annoying providers that seem to constantly try to test my mail server.
A new alias type would be required as the current host one is A/AAAA and hardwired for it.
The MX is a little more difficult since you do MX -> A/AAAA -> IP as far as I remember.
Cheers,
Franco
Damn, I'll put it in as a feature request, but in the meantime I'll see if I can code a script to generate a file I can pick up with a URL - an nslookup with type set to MX returns just the IPs from what I have seen in Windows.
Thanks.
Just tested...
MX opnsense.org. 900 IN MX 0 mail.opnsense.org.
Cheers,
Franco
:P
nslookup -type=MX gmail.com
Server: XXX
Address: 192.168.1.11
Non-authoritative answer:
gmail.com MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com
gmail.com MX preference = 30, mail exchanger = alt3.gmail-smtp-in.l.google.com
gmail.com MX preference = 20, mail exchanger = alt2.gmail-smtp-in.l.google.com
gmail.com MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google.com
gmail.com MX preference = 40, mail exchanger = alt4.gmail-smtp-in.l.google.com
gmail-smtp-in.l.google.com internet address = 142.250.102.27
gmail-smtp-in.l.google.com AAAA IPv6 address = ::
alt3.gmail-smtp-in.l.google.com internet address = 74.125.200.27
alt3.gmail-smtp-in.l.google.com AAAA IPv6 address = ::
alt2.gmail-smtp-in.l.google.com internet address = 142.250.150.27
alt2.gmail-smtp-in.l.google.com AAAA IPv6 address = ::
alt1.gmail-smtp-in.l.google.com internet address = 142.251.9.26
alt1.gmail-smtp-in.l.google.com AAAA IPv6 address = ::
alt4.gmail-smtp-in.l.google.com internet address = 142.250.157.26
alt4.gmail-smtp-in.l.google.com AAAA IPv6 address = ::
nslookup -type=MX opnsense.org
Server: XXXXX
Address: 192.168.1.11
Non-authoritative answer:
opnsense.org MX preference = 0, mail exchanger = mail.opnsense.org
mail.opnsense.org internet address = 81.171.24.236
Fair enough, it seems to do the two passes in the same run. Not a fan, but certainly convenient for debugging.
Cheers,
Franco
It's more complex in PowerShell as it also doesn't do the extra passes:
Resolve-DnsName -Name gmail.com -Type MX | where {$_.NameExchange -ne $null} | Resolve-DnsName | where {$_.IP4Address -ne $null} | select -Unique IP4Address
IP4Address
----------
142.250.150.27
142.251.9.26
142.250.157.27
142.250.102.26
74.125.200.26
Once I figure out the whole script I'll post it here in case anyone else is interested in it.
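One way to turn the Windows "nslookup -type=MX" output quoted above into the one-address-per-line file a URL alias can fetch, added here as an example and not code from any poster in this thread or from OPNsense. The poster used PowerShell; Python is used here so the parsing can be exercised offline on a constructed sample, and the "::" entries that nslookup printed above are filtered out rather than ending up in the block list. The only assumptions are that nslookup is on PATH (with the Windows output format) and that the alias file path is yours to choose.

```python
import ipaddress
import re
import subprocess

# Constructed sample in the Windows "nslookup -type=MX" output format quoted in the thread.
SAMPLE = """Server:  resolver.example
Address:  192.168.1.11
Non-authoritative answer:
gmail.com  MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com
gmail.com  MX preference = 30, mail exchanger = alt3.gmail-smtp-in.l.google.com
gmail-smtp-in.l.google.com  internet address = 142.250.102.27
gmail-smtp-in.l.google.com  AAAA IPv6 address = ::
alt3.gmail-smtp-in.l.google.com  internet address = 74.125.200.27
alt3.gmail-smtp-in.l.google.com  AAAA IPv6 address = 2404:6800:4003:c1d::1b
"""

MX_RE = re.compile(r"mail exchanger = (\S+?)\.?$")
ADDR_RE = re.compile(r"^(\S+?)\.?\s+(?:internet address|AAAA IPv6 address) = (\S+)$")

def parse_nslookup_mx(text):
    """Map each MX host to the A/AAAA strings nslookup printed for it in its second pass."""
    mx_hosts, addrs = [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := MX_RE.search(line):
            mx_hosts.append(m.group(1).lower())
        elif m := ADDR_RE.match(line):  # the resolver's own "Address:" line never matches
            addrs.setdefault(m.group(1).lower(), []).append(m.group(2))
    return {host: addrs.get(host, []) for host in mx_hosts}

def usable_ips(mx_map):
    """Deduplicate, drop unspecified or malformed entries (the "::" above), IPv4 before IPv6."""
    found = set()
    for raw in (a for ips in mx_map.values() for a in ips):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue
        if not ip.is_unspecified:
            found.add(ip)
    return [str(ip) for ip in sorted(found, key=lambda ip: (ip.version, int(ip)))]

def write_alias_file(path, domains):
    """Resolve each domain with nslookup (assumes Windows output) and write one IP per line."""
    ips = set()
    for domain in domains:
        out = subprocess.run(["nslookup", "-type=MX", domain], capture_output=True, text=True).stdout
        ips.update(usable_ips(parse_nslookup_mx(out)))
    with open(path, "w") as fh:
        fh.write("\n".join(sorted(ips)) + "\n")
```

Because mail-server addresses change, regenerate the file on the same schedule the URL alias refreshes, and expect the list to be empty for a domain whose MX hosts nslookup could not resolve in the same run.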