Create alias based on MX records

Started by Taomyn, August 03, 2022, 10:35:48 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 03, 2022, 10:35:48 AM
Is it possible to create a firewall alias that is based on the IPs from the MX records of the domain I set?


I want to block just the mail servers of a few annoying providers that seem to constantly try to test my mail server.
August 03, 2022, 08:45:55 PM #1
A new alias type would be required as the current host one is A/AAAA and hardwired for it.

The MX is a little more difficult since you do MX -> A/AAAA -> IP as far as I remember.


Cheers,
Franco
August 03, 2022, 08:51:00 PM #2
Damn, I'll put it in as a feature request, but in the meantime I'll see if I can code a script to generate a file I can pick up with a URL - an nslookup with type set to MX returns just the IPs from what I have seen in Windows.


Thanks.
August 03, 2022, 08:55:58 PM #3
Just tested...

MX   opnsense.org. 900 IN MX 0 mail.opnsense.org.


Cheers,
Franco
August 04, 2022, 02:38:29 PM #4

:P


Code Select

nslookup -type=MX gmail.com


Server:  XXX
Address:  192.168.1.11


Non-authoritative answer:
gmail.com       MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com
gmail.com       MX preference = 30, mail exchanger = alt3.gmail-smtp-in.l.google.com
gmail.com       MX preference = 20, mail exchanger = alt2.gmail-smtp-in.l.google.com
gmail.com       MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google.com
gmail.com       MX preference = 40, mail exchanger = alt4.gmail-smtp-in.l.google.com


gmail-smtp-in.l.google.com      internet address = 142.250.102.27
gmail-smtp-in.l.google.com      AAAA IPv6 address = ::
alt3.gmail-smtp-in.l.google.com internet address = 74.125.200.27
alt3.gmail-smtp-in.l.google.com AAAA IPv6 address = ::
alt2.gmail-smtp-in.l.google.com internet address = 142.250.150.27
alt2.gmail-smtp-in.l.google.com AAAA IPv6 address = ::
alt1.gmail-smtp-in.l.google.com internet address = 142.251.9.26
alt1.gmail-smtp-in.l.google.com AAAA IPv6 address = ::
alt4.gmail-smtp-in.l.google.com internet address = 142.250.157.26
alt4.gmail-smtp-in.l.google.com AAAA IPv6 address = ::

Code Select

nslookup -type=MX opnsense.org


Server:  XXXXX
Address:  192.168.1.11


Non-authoritative answer:
opnsense.org    MX preference = 0, mail exchanger = mail.opnsense.org


mail.opnsense.org       internet address = 81.171.24.236
August 04, 2022, 02:43:36 PM #5
Fair enough, it seems to do the two passes in the same run. Not a fan, but certainly convenient for debugging.


Cheers,
Franco
August 04, 2022, 03:00:23 PM #6
It's more complex in Powershell as it also doesn't do the extra passes:


Code Select

Resolve-DnsName -Name gmail.com -Type MX | where {$_.NameExchange -ne $null} | Resolve-DnsName | where {$_.IP4Address -ne $null} | select -Unique IP4Address


IP4Address
----------
142.250.150.27
142.251.9.26
142.250.157.27
142.250.102.26
74.125.200.26


Once I figure out the whole script I'll post it here in case anyone else is interested in it
Print
Go Up Pages1
User actions