Re: newbie question: rbl checking
On 8/17/2010 3:39 AM, Tom Kinghorn wrote:
On 2010/08/17 10:32 AM, Ansgar Wiechers wrote:
On 2010-08-17 Tom Kinghorn wrote:
What I would like to achieve is that any IP which connects
to any mail
server which has one of our clients IP's
gets rbl scanned.
/external_ip [spammer] {Client host [193.138.93.1] listed at
dnsbl.njabl.org; }
|
|
V
clients_mail_server ( eg 41.25.3.5)
|
|
V
our_smarthost_for_clients/
I would therefore like to scan the mail as the mail
originated from an
IP which is not our IP So the mail would be blocked as the
originating
IP is listed at njabl.org
AFAICS your approach is likely to generate backscatter and
perhaps even
violations of your clients's contracts. Don't do that.
RBL filtering in your scenario should be done either at your
clients'
mail servers or not at all.
Regards
Ansgar Wiechers
My apologies. for not providing complete information.
The clients mail server is not supposed to accept connections
from external IP addresses and the admin (or lack thereof) does
not know how to limit the relaying.
The mails which are being sent are not reaching the
SpamAssassin block threshold.
This is impacting the smarthost negatively.
Postfix doesn't run RBL checks on hosts in the headers.
You can add your external client IPs to SpamAssassin's
trusted_networks so SA can do RBL checks and mark mail as spam.
You can use a quota policy service such as policyd to limit
the number of messages a client can send.
-- Noel Jones
Re: newbie question: rbl checking
On 2010/08/17 10:32 AM, Ansgar Wiechers wrote:
On 2010-08-17 Tom Kinghorn wrote:
What I would like to achieve is that any IP which connects to any mail
server which has one of our clients IP's
gets rbl scanned.
/external_ip [spammer] {Client host [193.138.93.1] listed at
dnsbl.njabl.org; }
|
|
V
clients_mail_server ( eg 41.25.3.5)
|
|
V
our_smarthost_for_clients/
I would therefore like to scan the mail as the mail originated from an
IP which is not our IP So the mail would be blocked as the originating
IP is listed at njabl.org
AFAICS your approach is likely to generate backscatter and perhaps even
violations of your clients's contracts. Don't do that.
RBL filtering in your scenario should be done either at your clients'
mail servers or not at all.
Regards
Ansgar Wiechers
My apologies. for not providing complete information.
The clients mail server is not supposed to accept connections from
external IP addresses and the admin (or lack thereof) does
not know how to limit the relaying.
The mails which are being sent are not reaching the SpamAssassin block
threshold.
This is impacting the smarthost negatively.
Thanks
Tom
Re: newbie question: rbl checking
On 2010-08-17 Tom Kinghorn wrote:
> What I would like to achieve is that any IP which connects to any mail
> server which has one of our clients IP's
> gets rbl scanned.
>
> /external_ip [spammer] {Client host [193.138.93.1] listed at
> dnsbl.njabl.org; }
> |
> |
> V
> clients_mail_server ( eg 41.25.3.5)
> |
> |
> V
> our_smarthost_for_clients /
>
> I would therefore like to scan the mail as the mail originated from an
> IP which is not our IP So the mail would be blocked as the originating
> IP is listed at njabl.org
AFAICS your approach is likely to generate backscatter and perhaps even
violations of your clients's contracts. Don't do that.
RBL filtering in your scenario should be done either at your clients'
mail servers or not at all.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
newbie question: rbl checking
Good morning list.
Firstly, I apologize for the question if it is a wate of your time.
I come from an exim background and as such, am still finding my feet
with Postfix.
What I would like to achieve is that any IP which connects to any mail
server which has one of our clients IP's
gets rbl scanned.
/external_ip [spammer] {Client host [193.138.93.1] listed at
dnsbl.njabl.org; }
|
|
V
clients_mail_server ( eg 41.25.3.5)
|
|
V
our_smarthost_for_clients /
I would therefore like to scan the mail as the mail originated from an
IP which is not our IP
So the mail would be blocked as the originating IP is listed at njabl.org
Once again, I apologize for the post if it is a waste of time.
Thanks & regards
Tom
