Götz Reinicke wrote:
Hi,
I hope, somewone can point me into the right direction.
Recently I added two blacklist-checks to our sendmail config: spamhaus
zen and the list from the german computer magazin IX.
First. an important distinction. These are not _blacklists_, they are
_blocklists_. You can use those lists to blacklist people.
IP addresses get on the lists because people allege they get spam from
those sources. I suspect that they're mostly infected with malware and
0wn3d by someone else.
The good news: Spam has been about 70%-80%, now it is about 20%-30%. The
bad news: A lot of our users have problems sendig mails from there dial
up DSL or mobile phone network connections. I'v looked up there IPs and
all where on the Black lists or the PBL from spamhaus. So was my Arcor
IP last night :-)
I'm not assuming anything about your users; their computers might be
infected and be out of their control, or they might have inherited the
bad reputation from someone else. In _your_ position, I'd assume
(without telling users it's their fault) that they are in need of a
safety check. I do assume that they're on the block list for good reason.
The information from spamhaus is, to use SMTP Authentification
(http://www.spamhaus.org/pbl/query/PBL042952).
I thought, we do use TLS and smtp auth already, so I thought, users
allowed to log in will be allowd to send. But I got the errormessage
using Thunderbird 2, that our mailserver didn't support STARTTLS in
combination with EHLO.
My first suggestion is to require your Windows users to download and run
Microsoft's malicious software removal tool.
You should also require them to not use administrator accounts for
everyday work.
AV software is good too (but I don't use it[1])
My next suggestion is to send your email via your Internet Access
Provider's mail gateway.
Your users' computers also needs to be configured to send mail through a
specific server rather than direct.
There are network administrators who block IP addresses just because
they're used for dynamic IP.
As far as possible, do not use Outlook, Outlook Express or Internet
Explorer. Instead, use Thunderbird and Firefox, or Seamonkey. Regardless
of how good the MS offerings are, viruses are mostly written to target
them, and don't work with the alternatives.
Outlook-users do get the message, that our server didn't support SSL,
the server error messagt is 250.
I did some hours of googling and checked some sendmail docs, but can't
find the error or missing config settinges.
So where to start/how to debug this problem? What may I check?
If your users need to send mail from laptops while away from your
office, then you can either create a VPN for them to connect through
(that also gives them access to the office LAN and that might be good),
or you need to set up authenticated SMTP for them to use.
They don't need this from inside your office, they just need to send via
your mail server when then sends via your IAP's mail server.
If you need to set up authenticated smtp using sendmail, read
/usr/share/doc/sendmail/README.cf
and print, bind and read
/usr/share/doc/sendmail/doc/op/op.ps which is quite large.
I use postfix, and find O'Reilly's book very useful O'Reilly has a good
book on sendmail too.
[1]
I administer a small network of Windows computers for student use. They
are tied down very thoroughly indeed using AD and Group Policy, and
constrained as to sites they can visit using SquidGuard, Squid and with
active monitoring as to popular sites.
They don't use email, and in the event of an actual problem (I've not
seen any in several years), the recovery plan is to simply reinstall
(it's fully automatic). Users' documents are stored on a server. Staff
computers are mostly Macs running OS X.
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
