Re: [ilugd] Sendmail Question
anil bindal wrote: RH 7.3/sendmail-8.11.6-27.73/ build sendmail.cf with m4 Ok - I haven't used sendmail in quite a while, so my answers may be off-track. Two possibilities emerge: -> Is there some sort of transparent NAT happening before the mail reaches your MX? E.g. The external client connects to a public IP on a box that NATs it to an private IP on which your MX runs? If that is the case, then the IP that would be checked against the DNSBLs would be the internal IP of your NAT box. -> Have you tested your setup by following instructions at: http://www.spamhaus.org/sbl/howtouse.html Follow the instruction under the "Testing your SBL Setup" section. Mail me the complete headers of a recieved spam mail off-list. even rDNS does not work !! What do you want to here - reject mails from clients with an un-resolvable address or reject mails which contain un-resolvable domains in their envelope address? If the former, then look at the following link: http://www.sendmail.org/~ca/email/chk-810.html#810MISCCHECK If the latter, then do what George has said. -- Regards, Varun Varma --- Mindframe Software & Services Pvt. Ltd. http://www.mindsw.com --- ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sendmail Question
RH 7.3/sendmail-8.11.6-27.73/ build sendmail.cf with m4
even rDNS does not work !!
rgds
anil
On Sun, 2004-08-08 at 01:01, Varun Varma wrote:
> anil bindal wrote:
> > Our back end MX is a sendmail server which has relay from MX disabled.
> >
> > dnl FEATURE(relay_based_on_MX)dnl
> >
> > Also RBL has been implemented..
> >
> > FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from spam source "
> > $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml";')
> > FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"450 Mail from spam source "
> > $`'&{client_addr} " refused - see http://www.spamhaus.org";')
> > FEATURE(`dnsbl', `dnsbl.sorbs.net', `"450 Mail from spam source "
> > $`'&{client_addr} " refused - see http://dnsbl.sorbs.net";')
> >
> > BUT
> >
> > Still my backup email server ( sendmail server ) does not block the SPAM
> > IPs listed in above RBLs..( while Gateway does !! )
> >
> > I am clue less..
> >
> > what could be the problem ??
>
>
> -> What distribution of Linux are you using? (Vendor and version)
> -> What version of sendmail are you using?
> -> After adding the FEATURE lines in sendmail.mc, what steps did you
> take to ensure that the changes are seen by sendmail?
>
> No direct emails - please reply to the list.
--
Thanks and Regards,
Anil Bindal
Disclaimer :
The information contained in this email is confidential, may be legally privileged,
proprietary to DCM
Technologies and intended solely for the addressee. In case you are not the intended
recipient, please
intimate the sender and immediately delete the email from your system. Any
disclosure, copying or
distribution thereof without our authority is prohibited and may be unlawful. DCM
Technologies makes no
warranty as to the accuracy or completeness of any information contained in this
message and hereby
expressly excludes all liability of any kind whatsoever arising out of any action
taken or omitted to be
taken in reliance of this message.
___
ilugd mailinglist -- [EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sendmail Question
anil bindal wrote:
Our back end MX is a sendmail server which has relay from MX disabled.
dnl FEATURE(relay_based_on_MX)dnl
Also RBL has been implemented..
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from spam source "
$`'&{client_addr} " refused - see http://spamcop.net/bl.shtml";')
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"450 Mail from spam source "
$`'&{client_addr} " refused - see http://www.spamhaus.org";')
FEATURE(`dnsbl', `dnsbl.sorbs.net', `"450 Mail from spam source "
$`'&{client_addr} " refused - see http://dnsbl.sorbs.net";')
BUT
Still my backup email server ( sendmail server ) does not block the SPAM
IPs listed in above RBLs..( while Gateway does !! )
I am clue less..
what could be the problem ??
-> What distribution of Linux are you using? (Vendor and version)
-> What version of sendmail are you using?
-> After adding the FEATURE lines in sendmail.mc, what steps did you
take to ensure that the changes are seen by sendmail?
No direct emails - please reply to the list.
--
Regards,
Varun Varma
---
Mindframe Software & Services Pvt. Ltd.
http://www.mindsw.com
---
___
ilugd mailinglist -- [EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sendmail Question
On 08/05/2004 02:47 PM, anil bindal wrote: Thanks. Headers of SPAM emails show that emails are at times delivered directly to our email server MX record for Email server is must to act as back up in case of SMTP gateway failure. Solution being used is from Symantec. There you go, this is the problem. The MX with the higher priority if unreachable or unable to handle an SMTP session will prompt the sending mail server to choose the lower priority MX, that is your main email server. I would suggest you add the second network (as set on the MX record) also to the scanning mail server so even if one network is down the the second MX comes into action and the email still would go through the scanning process. If you are unable to add another network to the scanning mail server then there is really nothing you can do apart from adding scanning capabilities to you main mail server. - Ankur. ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sendmail Question
Our back end MX is a sendmail server which has relay from MX disabled.
dnl FEATURE(relay_based_on_MX)dnl
Also RBL has been implemented..
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from spam source "
$`'&{client_addr} " refused - see http://spamcop.net/bl.shtml";')
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"450 Mail from spam source "
$`'&{client_addr} " refused - see http://www.spamhaus.org";')
FEATURE(`dnsbl', `dnsbl.sorbs.net', `"450 Mail from spam source "
$`'&{client_addr} " refused - see http://dnsbl.sorbs.net";')
BUT
Still my backup email server ( sendmail server ) does not block the SPAM
IPs listed in above RBLs..( while Gateway does !! )
I am clue less..
what could be the problem ??
regards
anil
On Thu, 2004-08-05 at 16:21, Varun Varma wrote:
> anil bindal wrote:
> > Thanks.
> >
> > Headers of SPAM emails show that emails are at times delivered directly
> > to our email server
> >
> > MX record for Email server is must to act as back up in case of SMTP
> > gateway failure.
> >
> > Solution being used is from Symantec.
>
>
>
> Sending mails directly to the backup MXs, instead of the primary one, is
> a very popular way amongst spammers to avoid spam detection. The gist is
> that they know that this is a very common setup - primary MX has spam
> filtering and the backup MXs don't and, frequently, the primary MX
> accepts mails from the backup MXs blindly, i.e. they trust the backup
> MXs and don't filter mails from the backup MXs. Also, backup MXs
> generally don't check for the existence of user accounts [unless you
> have call forwards enabled] or quota limitations, so they accept any/all
> mails for a domain blindly.
>
> Spammers exploit this setup and send mails directly to the backup MXs.
>
> Solution: Run spam/anti-virus filtering on all publically exposed MXs.
___
ilugd mailinglist -- [EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sendmail Question
anil bindal wrote: Thanks. Headers of SPAM emails show that emails are at times delivered directly to our email server MX record for Email server is must to act as back up in case of SMTP gateway failure. Solution being used is from Symantec. Sending mails directly to the backup MXs, instead of the primary one, is a very popular way amongst spammers to avoid spam detection. The gist is that they know that this is a very common setup - primary MX has spam filtering and the backup MXs don't and, frequently, the primary MX accepts mails from the backup MXs blindly, i.e. they trust the backup MXs and don't filter mails from the backup MXs. Also, backup MXs generally don't check for the existence of user accounts [unless you have call forwards enabled] or quota limitations, so they accept any/all mails for a domain blindly. Spammers exploit this setup and send mails directly to the backup MXs. Solution: Run spam/anti-virus filtering on all publically exposed MXs. -- Regards, Varun Varma --- Mindframe Software & Services Pvt. Ltd. http://www.mindsw.com --- ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sendmail Question
Thanks. Headers of SPAM emails show that emails are at times delivered directly to our email server MX record for Email server is must to act as back up in case of SMTP gateway failure. Solution being used is from Symantec. regards anil On Thu, 2004-08-05 at 14:28, Anand Kapoor wrote: > Anil, > > I can think of only two scenarios ! > > One you anti SPAM/anti Virus gateway is not blocking certain mails. > > If you are certain that that is not the case, then check the MX > records for your domain. It is possible that you have listed you mail > server there as well (maybe on a lower priority though.. ) which would > result in mails being delivered directly to your mail server. > > Anand > > P.S: BTW out of curiousity what ANTI SPAM / Anti Virus solution ? > > On 05 Aug 2004 14:21:41 +0530, anil bindal <[EMAIL PROTECTED]> wrote: > > Hi all, > > > > Currently we are receiving the external emails on an SMTP Anti Virus and > > Anti SPAM gateway server which relays the emails to mail server after > > scanning. > > > > Problem is that we still get the SPAM directly on our email server. How > > come the SPAM emails are not delivered to Gateway first but directly to > > our email server. > > > > How can we avoid this ? > > > > regards > > anil > > > > ___ > > ilugd mailinglist -- [EMAIL PROTECTED] > > http://frodo.hserus.net/mailman/listinfo/ilugd > > Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi > > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > -- Thanks and Regards, Anil Bindal Disclaimer : The information contained in this email is confidential, may be legally privileged, proprietary to DCM Technologies and intended solely for the addressee. In case you are not the intended recipient, please intimate the sender and immediately delete the email from your system. Any disclosure, copying or distribution thereof without our authority is prohibited and may be unlawful. DCM Technologies makes no warranty as to the accuracy or completeness of any information contained in this message and hereby expressly excludes all liability of any kind whatsoever arising out of any action taken or omitted to be taken in reliance of this message. ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sendmail Question
Anil, I can think of only two scenarios ! One you anti SPAM/anti Virus gateway is not blocking certain mails. If you are certain that that is not the case, then check the MX records for your domain. It is possible that you have listed you mail server there as well (maybe on a lower priority though.. ) which would result in mails being delivered directly to your mail server. Anand P.S: BTW out of curiousity what ANTI SPAM / Anti Virus solution ? On 05 Aug 2004 14:21:41 +0530, anil bindal <[EMAIL PROTECTED]> wrote: > Hi all, > > Currently we are receiving the external emails on an SMTP Anti Virus and > Anti SPAM gateway server which relays the emails to mail server after > scanning. > > Problem is that we still get the SPAM directly on our email server. How > come the SPAM emails are not delivered to Gateway first but directly to > our email server. > > How can we avoid this ? > > regards > anil > > ___ > ilugd mailinglist -- [EMAIL PROTECTED] > http://frodo.hserus.net/mailman/listinfo/ilugd > Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi > http://www.mail-archive.com/[EMAIL PROTECTED]/ > -- ANAND KAPOOR Hai Jazba-e-Junoon, tho Himmat na haar! Justuju joh kurreh voh chueh Aasmaan! If you have the Spirit of Passion(Obsession), Never give up! The one who Perseveres reaches the Stars. ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] Sendmail Question
Hi all, Currently we are receiving the external emails on an SMTP Anti Virus and Anti SPAM gateway server which relays the emails to mail server after scanning. Problem is that we still get the SPAM directly on our email server. How come the SPAM emails are not delivered to Gateway first but directly to our email server. How can we avoid this ? regards anil ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
