> Matus UHLAR - fantomas wrote:
> >IIRC there was already case provided when MTA didn' dns lookup so it was
> >made to be done via SA (and afaik SA did it before). If my memory is
> >correct, this would be just another case
> >(sorry, no time to search archives/bugs/google by now)
On 29.06.08 16:0
Matus UHLAR - fantomas wrote:
[snip]
IIRC there was already case provided when MTA didn' dns lookup so it was
made to be done via SA (and afaik SA did it before). If my memory is
correct, this would be just another case
(sorry, no time to search archives/bugs/google by now)
yes, it is prob
Matus UHLAR - fantomas wrote:
... and I thought I explained it in the sentence before. Since DNS lookup is
not made by MTA and SA expects it to be, the case where the RDNS is not in Received:
is taken as there is not rdns. Since there is verison's HELO but not RDNS,
it's FM_FAKE_HELO_VERIZON...
> >>Matt Kettler wrote:
> >>
> [snip]
> if so that fake helo should not be fake :=)
>
>
> >>>Well, it shouldn't be fake, because 206.46.173.3 really is
> >>>vms173003pub.verizon.net.
> >>>
> >>>However, it would appear that athena.apache.orgdidn't get an answer to
>
Matus UHLAR - fantomas wrote:
Matt Kettler wrote:
[snip]
if so that fake helo should not be fake :=)
Well, it shouldn't be fake, because 206.46.173.3 really is
vms173003pub.verizon.net.
However, it would appear that athena.apache.orgdidn't get an answer to
its PTR querry.. ei
> Matt Kettler wrote:
> >>[snip]
> >>if so that fake helo should not be fake :=)
> >>
> >Well, it shouldn't be fake, because 206.46.173.3 really is
> >vms173003pub.verizon.net.
> >
> >However, it would appear that athena.apache.orgdidn't get an answer to
> >its PTR querry.. either that or the h
Matt Kettler wrote:
[snip]
if so that fake helo should not be fake :=)
Well, it shouldn't be fake, because 206.46.173.3 really is
vms173003pub.verizon.net.
However, it would appear that athena.apache.orgdidn't get an answer to
its PTR querry.. either that or the headers generated by
athen
Jo, didn't you get your answer several times now? I don't understand
why this thread continues.
Jo Rhett wrote:
On Jun 25, 2008, at 6:34 PM, Benny Pedersen wrote:
then stop cc me
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
tests=FM_FAKE_HELO_VERIZON,SPF_PASS
X-Spam-Check-By: apache.or
Benny Pedersen wrote:
On Thu, June 26, 2008 04:40, Matt Kettler wrote:
I'll attempt to do so. Didn't realize you disliked it.
its like asking 2 times for the same answer and wonder why no answer
Well then set a Reply-to header to point to the list when you post
here... That's what
Dave, what are you complaining about? This thread went sideways
without my involvement. I was replying to someone else's query about
Benny's mail servers sending back random SPF failure backscatter
messages.
On Jun 26, 2008, at 5:22 PM, Dave Koontz wrote:
Jo, didn't you get your answer se
On Fri, June 27, 2008 02:08, Jo Rhett wrote:
> I'm sorry, but you're a constant source of backscatter, Benny.
and you are a constant ignorant sending me cc
get a life
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
On Jun 25, 2008, at 6:34 PM, Benny Pedersen wrote:
then stop cc me
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
tests=FM_FAKE_HELO_VERIZON,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of [EMAIL PROTECTED]
designates 206.46.173.3 as permitted sender)
Re
> Benny Pedersen wrote:
> >On Fredag, 20/6 2008, 10:04, Henrik K wrote:
> >
> >>On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
> >>
> >>>That is correct, SPF checks are applied to the first untrusted host.
> >>>
> >>Matt, you should know better. ;) It's first _external_ h
On Thu, June 26, 2008 04:40, Matt Kettler wrote:
> I'll attempt to do so. Didn't realize you disliked it.
its like asking 2 times for the same answer and wonder why no answer
> I'm SA interpreted the Received header as meaning that athena.apache.org
> found no reverse-lookup the host, and that
Benny Pedersen wrote:
On Thu, June 26, 2008 02:54, Matt Kettler wrote:
It's a fine distinction, but one that does matter to some folks who are
set up this way. In most cases the two are equal, but that doesn't
excuse me from confusing the two. I should know better. :)
then stop cc me
On Thu, June 26, 2008 02:54, Matt Kettler wrote:
> It's a fine distinction, but one that does matter to some folks who are
> set up this way. In most cases the two are equal, but that doesn't
> excuse me from confusing the two. I should know better. :)
then stop cc me
X-ASF-Spam-Status: No, hit
Benny Pedersen wrote:
On Fredag, 20/6 2008, 10:04, Henrik K wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host.
Matt, you should know better. ;) It's first _external_ host.
and is most o
> On Jun 25, 2008, at 2:34 AM, Henrik K wrote:
> >You have already your options:
> >
> >- Add all hosts to internal_networks.
> >- Don't call SA at all
> >
> >Why is this getting on and on?
On 25.06.08 03:00, Jo Rhett wrote:
> Why is it getting offtopic, I don't know.
>
> Why is the conversation
Jo Rhett wrote:
On Jun 22, 2008, at 8:22 PM, Matt Kettler wrote:
Just because a packet can get theredoesn't mean they can deliver
mail. (by the way, IMO you're *insane* for not having a something in
place that filters such things. A simple PIX firewall at your border
with "ip verify reverse-pa
On Wed, Jun 25, 2008 at 03:08:48AM -0700, Jo Rhett wrote:
>> On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
>>> reading the code it implies that maybe I should make
>>> internal_networks explicitly defined (right now its implicit and
>>> thus ==
>>> trusted_networks) to be smaller tha
Jo Rhett wrote:
If you do get a connection attempt from a non routable address on your
SMTP servers external interface, you should have no way to acknowladge
the connection if your own border router is configured correctly.
You are assuming that there is enough infrastructure to provide a bor
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
reading the code it implies that maybe I should make
internal_networks explicitly defined (right now its implicit and
thus ==
trusted_networks) to be smaller than trusted networks. This will
probably solve my SPF problem. Is there a
On Jun 25, 2008, at 2:49 AM, Matus UHLAR - fantomas wrote:
slovakia ended on machine at german machine. I know that something
can be
broken at this level. I just think that SA should not take care about
this...
Hm. Not sure I agree. I'm not asking SA to prevent it from
happening. I just
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
> On Jun 25, 2008, at 2:34 AM, Henrik K wrote:
>> This is getting out of hand and offtopic..
>
> Yes
>
>> You have already your options:
>>
>> - Add all hosts to internal_networks.
>> - Don't call SA at all
>>
>> Why is this getting on and o
On Jun 25, 2008, at 2:34 AM, Henrik K wrote:
This is getting out of hand and offtopic..
Yes
You have already your options:
- Add all hosts to internal_networks.
- Don't call SA at all
Why is this getting on and on?
Why is it getting offtopic, I don't know.
Why is the conversation still
> On Jun 23, 2008, at 12:23 AM, Matus UHLAR - fantomas wrote:
> >it one packet reaches your host, nothing happends. Fot the TCP/SMTP
> >connections to be opened, (at least) three packets must be sent, in
> >both
> >directions. If you can trace to 10.x address that is not part of your
> >network,
On Wed, Jun 25, 2008 at 02:18:01AM -0700, Jo Rhett wrote:
>
> NOW, let's return to securing SA properly.
This is getting out of hand and offtopic..
You have already your options:
- Add all hosts to internal_networks.
- Don't call SA at all
Why is this getting on and on?
On Jun 23, 2008, at 12:23 AM, Matus UHLAR - fantomas wrote:
it one packet reaches your host, nothing happends. Fot the TCP/SMTP
connections to be opened, (at least) three packets must be sent, in
both
directions. If you can trace to 10.x address that is not part of your
network, it's a problem
On Jun 22, 2008, at 8:22 PM, Matt Kettler wrote:
Just because a packet can get theredoesn't mean they can deliver
mail. (by the way, IMO you're *insane* for not having a something in
place that filters such things. A simple PIX firewall at your border
with "ip verify reverse-path" enabled wo
On Jun 22, 2008, at 4:09 PM, Jonas Eckerman wrote:
If you do get a connection attempt from a non routable address on
your SMTP servers external interface, you should have no way to
acknowladge the connection if your own border router is configured
correctly.
You are assuming that there is
On Jun 20, 2008, at 1:52 PM, mouss wrote:
I've never had an ISP/hoster block bogons, but I've never let them
in. it's part of the first rules in ipf/pf/iptables/router/$FW (and
in both directions. so my networks never send packets with bogon IPs
to the internet). if you don't partition the n
On Jun 20, 2008, at 1:13 PM, Henrik K wrote:
On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote:
On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
You _need_ to have everything internal, so there will be no SPF
lookups.
Your fear of IP spoofers makes no sense to me, how do you think
someone
c
> On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
> >10.x is (supposedly) not routable on the public internet. If you see
> >10.x (or other RFC-1918) traffic coming in from the world, your ISP
> >is broken.
On 20.06.08 11:57, Jo Rhett wrote:
> Does your ISP filter egress packets on your inter
Jo Rhett wrote:
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP
is broken.
You don't run packet sniffers on your hosts much, do you? ;-)
Does your ISP fi
Jo Rhett wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP is
broken.
You don't run packet sniffers on your hosts much, do you? ;-)
If you do get a connection attempt from a non routable address o
Jo Rhett wrote:
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP
is broken.
You don't run packet sniffers on your hosts much, do you? ;-)
Does your ISP fi
On Fri, 20 Jun 2008, Jo Rhett wrote:
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see 10.x
(or other RFC-1918) traffic coming in from the world, your ISP is broken.
You don't run packet sniffers on your hosts much, do you? ;
On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote:
> On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
>> You _need_ to have everything internal, so there will be no SPF
>> lookups.
>> Your fear of IP spoofers makes no sense to me, how do you think
>> someone
>> could accomplish that? Just p
On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
You _need_ to have everything internal, so there will be no SPF
lookups.
Your fear of IP spoofers makes no sense to me, how do you think
someone
could accomplish that? Just put the 10.something there.
You could have said that a lot easier ;-)
U
On Fri, Jun 20, 2008 at 12:31:06PM -0700, Jo Rhett wrote:
> On Jun 20, 2008, at 12:23 PM, Henrik K wrote:
>> Jo, you are unbelievable in a funny way.
>>
>> You always come up with dozens of posts seemingly with the attitude "I
>> must
>> be right". You don't configure things like they should be, a
On Jun 20, 2008, at 12:23 PM, Henrik K wrote:
Jo, you are unbelievable in a funny way.
You always come up with dozens of posts seemingly with the attitude
"I must
be right". You don't configure things like they should be, and then
complain
that things don't work. Just set up the friggin netw
On Fri, Jun 20, 2008 at 11:57:38AM -0700, Jo Rhett wrote:
> On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
>> 10.x is (supposedly) not routable on the public internet. If you see
>> 10.x (or other RFC-1918) traffic coming in from the world, your ISP is
>> broken.
>
>
> You don't run packet sni
On Fredag, 20/6 2008, 20:49, John Hardin wrote:
> 10.x is (supposedly) not routable on the public internet. If you see 10.x
> (or other RFC-1918) traffic coming in from the world, your ISP is broken.
pppoe, but firewall it to be sure, rule is newer accept connections from non
routable ips from o
On Fri, Jun 20, 2008 at 11:01:40AM -0700, Jo Rhett wrote:
> On Jun 20, 2008, at 10:44 AM, Henrik K wrote:
>> On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
> On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
>> That is correct, SPF checks are applied to the first untr
On Fredag, 20/6 2008, 19:59, Jo Rhett wrote:
>> netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.13.143.17
>> ip4:209.157.140.144 mx ~all"
>> not you ?
> Nope ;-)
added .17 to the domain you are sending from, but its not you so not your
problem :)
Benny Pedersen
Need more webspace ?
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP
is broken.
You don't run packet sniffers on your hosts much, do you? ;-)
Does your ISP filter egress pac
On Fri, 20 Jun 2008, Jo Rhett wrote:
On Jun 19, 2008, at 9:21 PM, John Hardin wrote:
/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo\.com (/
You actually need some backslashes too, but I figured it out. Thanks.
D'oh!
See my other note about trusted_hosts breaking all f
On Jun 19, 2008, at 9:21 PM, John Hardin wrote:
/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo
\.com
(/
You actually need some backslashes too, but I figured it out. Thanks.
See my other note about trusted_hosts breaking all forms of
whitelisting, FYI. This kind of h
On Fredag, 20/6 2008, 10:04, Henrik K wrote:
> On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
>> That is correct, SPF checks are applied to the first untrusted host.
> Matt, you should know better. ;) It's first _external_ host.
and is most of the time olso first untrusted ? :)
bo
On Jun 20, 2008, at 10:44 AM, Henrik K wrote:
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted
host
Henrik K wrote:
Matt, you should know better. ;) It's fi
On Fredag, 20/6 2008, 05:37, Jo Rhett wrote:
I'm trying to figure out how to stop SPF_FAIL on messages generated
on
an internal rfc1918 network and routed through a trusted host.
On Jun 20, 2008, at 10:37 AM, Benny Pedersen wrote:
netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.1
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
>>> On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host
>>>
>
>> Henrik K wrote:
>>> Matt, you should know better. ;) It's first _external_ host.
>
> On Jun 2
On Fredag, 20/6 2008, 05:37, Jo Rhett wrote:
> I'm trying to figure out how to stop SPF_FAIL on messages generated on
> an internal rfc1918 network and routed through a trusted host.
netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.13.143.17
ip4:209.157.140.144 mx ~all"
not you ?
>> R
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host
Henrik K wrote:
Matt, you should know better. ;) It's first _external_ host.
On Jun 20, 2008, at 3:54 AM, Matt Kettler wrote:
Doh.. my bad.
Huh? How are y
On Jun 19, 2008, at 9:12 PM, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host.
The question here would be if 10.x.x.x is in fact an internal, and
presumably trusted, network, why isn't it trusted?
The mail server I'm receiving this on is in the outside
On Fri, 20 Jun 2008, mouss wrote:
John Hardin wrote:
On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote:
> header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\])
> by arran\.svcolo\.com (/
> score XX -5
Oops. Need some plusses in there...
/from \S+\.svcolo\.com (\
Matt Kettler wrote:
Why do neither of those options make sense? I do both in my network,
albeit that version SPF is only in my internal view, and I actually
use 10.xx.0.0/16 not 10/8. (I only use a /16, not the whole /8)
Is there some detail that's missing here? ie: do you have a compelling
r
Henrik K wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host.
Matt, you should know better. ;) It's first _external_ host.
Doh.. my bad.
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
>
> That is correct, SPF checks are applied to the first untrusted host.
Matt, you should know better. ;) It's first _external_ host.
John Hardin wrote:
On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote:
header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by
arran\.svcolo\.com (/
score XX -5
Oops. Need some plusses in there...
/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svc
On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote:
> header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by
> arran\.svcolo\.com (/
> score XX -5
Oops. Need some plusses in there...
/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo\.com
(/
--
John H
Jo Rhett wrote:
I'm trying to figure out how to stop SPF_FAIL on messages generated on
an internal rfc1918 network and routed through a trusted host.
Host A: generates mail, origin IP 10.x.x.x
Host B: relays mail for Host A, to Host C
Host C: receives mail, marks SPF_FAIL
Host B is both in t
On Thu, 2008-06-19 at 20:37 -0700, Jo Rhett wrote:
> Example:
>
> host A: 10.0.0.1 generates e-mail, routes via HostB
>
> Host B: has outside IP 64.13.143.16
> > Received: from arran.svcolo.com (arran.sc.svcolo.com
> > [64.13.143.17]) by kininvie.sv.svcolo.com (8.14.1/8.14.1) wi
63 matches
Mail list logo
