Re: [spamdyke-users] Allow trusted relays from dynamic ips

2008-04-22 Thread Eric Shubert 
Yes it would. Running a dns cache on a mail server is highly recommended.
Either djb's dnscache, or if you're running a RHEL variant the
caching-nameserver package, would do.

Bob Hutchinson wrote:
> On Tuesday 22 April 2008 18:30, Sam Clippinger wrote:
>> This feature would not alter any whitelist files.  It would only save
>> the IP addresses in memory long enough to process the message.  The next
>> incoming message would have to look up the IP addresses again.
> 
> Would djb's dnscache help in this instance? Personally I have found that 
> installing an internal dnscache speeds up RBL lookups hugely.
> 
>> -- Sam Clippinger
>>
>> Sergio Minini {NETKEY} wrote:
>>> What would happen when the DynDNS changes? Would the IP still remain in
>>> the whiteiplist?
>>> If automatic de-listing is not possible, it would be useful to add a
>>> comment (like: # mail.example.org DynDNS) to the IP listing, to make
>>> manual editing easier.
>>>
>>> Just a thought.
>>> Thanks- Sergio
>>>
 -Original Message-

 This wouldn't be a right-hand whitelist exactly -- spamdyke already
 supports RHSWLs by checking the rDNS name against the list.

 Supporting DynDNS would require an extra step.  It would
 function like
 an IP whitelist, except the IP addresses would be found by querying a
 list of FQDNs.  For example, if this feature was used to whitelist
 "mail.example.dyndns.com", spamdyke would perform a DNS A record for
 "mail.example.dyndns.com".  If that IP address was
 11.22.33.44, spamdyke
 would add 11.22.33.44 to its IP whitelist.  From that point
 on, spamdyke
 would behave as it does now.

 At least, that's my understanding of how DynDNS needs to be
 supported.
 It would increase the number of DNS queries, so it would have
 to be used
 sparingly.

 -- Sam Clippinger


-- 
-Eric 'shubes'
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Allow trusted relays from dynamic ips

2008-04-22 Thread Bob Hutchinson 
On Tuesday 22 April 2008 18:30, Sam Clippinger wrote:
> This feature would not alter any whitelist files.  It would only save
> the IP addresses in memory long enough to process the message.  The next
> incoming message would have to look up the IP addresses again.

Would djb's dnscache help in this instance? Personally I have found that 
installing an internal dnscache speeds up RBL lookups hugely.

>
> -- Sam Clippinger
>
> Sergio Minini {NETKEY} wrote:
> > What would happen when the DynDNS changes? Would the IP still remain in
> > the whiteiplist?
> > If automatic de-listing is not possible, it would be useful to add a
> > comment (like: # mail.example.org DynDNS) to the IP listing, to make
> > manual editing easier.
> >
> > Just a thought.
> > Thanks- Sergio
> >
> >> -Original Message-
> >>
> >> This wouldn't be a right-hand whitelist exactly -- spamdyke already
> >> supports RHSWLs by checking the rDNS name against the list.
> >>
> >> Supporting DynDNS would require an extra step.  It would
> >> function like
> >> an IP whitelist, except the IP addresses would be found by querying a
> >> list of FQDNs.  For example, if this feature was used to whitelist
> >> "mail.example.dyndns.com", spamdyke would perform a DNS A record for
> >> "mail.example.dyndns.com".  If that IP address was
> >> 11.22.33.44, spamdyke
> >> would add 11.22.33.44 to its IP whitelist.  From that point
> >> on, spamdyke
> >> would behave as it does now.
> >>
> >> At least, that's my understanding of how DynDNS needs to be
> >> supported.
> >> It would increase the number of DNS queries, so it would have
> >> to be used
> >> sparingly.
> >>
> >> -- Sam Clippinger
> >
> > ___
> > spamdyke-users mailing list
> > spamdyke-users@spamdyke.org
> > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users

-- 
-
Bob Hutchinson
Midwales dot com
-
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Allow trusted relays from dynamic ips

2008-04-22 Thread Sam Clippinger 
This feature would not alter any whitelist files.  It would only save 
the IP addresses in memory long enough to process the message.  The next 
incoming message would have to look up the IP addresses again.

-- Sam Clippinger

Sergio Minini {NETKEY} wrote:
> What would happen when the DynDNS changes? Would the IP still remain in the
> whiteiplist?
> If automatic de-listing is not possible, it would be useful to add a comment
> (like: # mail.example.org DynDNS) to the IP listing, to make manual editing
> easier.
>
> Just a thought.
> Thanks- Sergio
>
>
>   
>> -Original Message-
>>
>> This wouldn't be a right-hand whitelist exactly -- spamdyke already 
>> supports RHSWLs by checking the rDNS name against the list.
>>
>> Supporting DynDNS would require an extra step.  It would 
>> function like 
>> an IP whitelist, except the IP addresses would be found by querying a 
>> list of FQDNs.  For example, if this feature was used to whitelist 
>> "mail.example.dyndns.com", spamdyke would perform a DNS A record for 
>> "mail.example.dyndns.com".  If that IP address was 
>> 11.22.33.44, spamdyke 
>> would add 11.22.33.44 to its IP whitelist.  From that point 
>> on, spamdyke 
>> would behave as it does now.
>>
>> At least, that's my understanding of how DynDNS needs to be 
>> supported.  
>> It would increase the number of DNS queries, so it would have 
>> to be used 
>> sparingly.
>>
>> -- Sam Clippinger
>> 
>
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>   
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Allow trusted relays from dynamic ips

2008-04-22 Thread Sergio Minini {NETKEY} 
What would happen when the DynDNS changes? Would the IP still remain in the
whiteiplist?
If automatic de-listing is not possible, it would be useful to add a comment
(like: # mail.example.org DynDNS) to the IP listing, to make manual editing
easier.

Just a thought.
Thanks- Sergio


> -Original Message-
> 
> This wouldn't be a right-hand whitelist exactly -- spamdyke already 
> supports RHSWLs by checking the rDNS name against the list.
> 
> Supporting DynDNS would require an extra step.  It would 
> function like 
> an IP whitelist, except the IP addresses would be found by querying a 
> list of FQDNs.  For example, if this feature was used to whitelist 
> "mail.example.dyndns.com", spamdyke would perform a DNS A record for 
> "mail.example.dyndns.com".  If that IP address was 
> 11.22.33.44, spamdyke 
> would add 11.22.33.44 to its IP whitelist.  From that point 
> on, spamdyke 
> would behave as it does now.
> 
> At least, that's my understanding of how DynDNS needs to be 
> supported.  
> It would increase the number of DNS queries, so it would have 
> to be used 
> sparingly.
> 
> -- Sam Clippinger

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Allow trusted relays from dynamic ips

2008-04-22 Thread Bgs 
You understood it correctly. The main problem is that it would produce a 
huge additional amount of dns queries. A periodically generated ip 
whitelist is still better than putting it into spamdyke.


Regards
Zoltan

Sam Clippinger wrote:
> This wouldn't be a right-hand whitelist exactly -- spamdyke already 
> supports RHSWLs by checking the rDNS name against the list.
> 
> Supporting DynDNS would require an extra step.  It would function like 
> an IP whitelist, except the IP addresses would be found by querying a 
> list of FQDNs.  For example, if this feature was used to whitelist 
> "mail.example.dyndns.com", spamdyke would perform a DNS A record for 
> "mail.example.dyndns.com".  If that IP address was 11.22.33.44, spamdyke 
> would add 11.22.33.44 to its IP whitelist.  From that point on, spamdyke 
> would behave as it does now.
> 
> At least, that's my understanding of how DynDNS needs to be supported.  
> It would increase the number of DNS queries, so it would have to be used 
> sparingly.
> 
> -- Sam Clippinger
> 
> Eric Shubert wrote:
>> Are you simply talking about a right-hand whitelist?
>>
>> That could be useful in some situations. For instance, I recently came
>> across a mailer who was being rejected due to DENIED_RDNS_RESOLVE, so I
>> whitelisted the IP (instead of turning off that check). I would rather
>> whitelist the domain name though, in case they change their server's IP
>> address (which I figure is a fair chance of happening given that it's
>> presently not quite correct).
>>
>> I don't think this should apply to relays (non-local mail) though.
>>
>> Am I missing something here?
>>
>> Sam Clippinger wrote:
>>   
>>> SMTP AUTH is definitely the best option, if you can configure postfix to 
>>> perform it for outbound email.
>>>
>>> I don't use DynDNS myself -- what would be required to support it?  
>>> Would spamdyke need to find the IP address(es) of a (list of) DynDNS 
>>> name(s), then add those IP address(es) to the whitelist?  If that's all 
>>> it would take, I don't think that would be very hard.
>>>
>>> -- Sam Clippinger
>>>
>>> Christian Aust wrote:
>>> 
 Hi all,

 I'm using the latest release of spamdyke, and it's working great -  
 thanks a lot.

 Now I'd like to have my home server relay it's mail through the main  
 mail system. Spamdyke blocks the connecton with DENIED_IP_IN_CC_RDNS,  
 because the home system certainly connects using a non-static IP which  
 happens to have the ip in it's RDNS name. spamdyke is working  
 perfectly and is doing what it has been told.

 But how could I allow my satellite server to actually send mail  
 through this relay? If I could instruct spamdyke to check the IP  
 against some given dyndns name (and allow if the IPs match) it would  
 be all right, but AFAIK spamdyke doesn't offer such option. Or, does it?

 Any other ideas? BTW: I'm running postfix on the satellite and  
 (obviously) qmail on the main server. Best regards,

 Christian
   
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> 
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Allow trusted relays from dynamic ips

2008-04-22 Thread Sam Clippinger 
This wouldn't be a right-hand whitelist exactly -- spamdyke already 
supports RHSWLs by checking the rDNS name against the list.

Supporting DynDNS would require an extra step.  It would function like 
an IP whitelist, except the IP addresses would be found by querying a 
list of FQDNs.  For example, if this feature was used to whitelist 
"mail.example.dyndns.com", spamdyke would perform a DNS A record for 
"mail.example.dyndns.com".  If that IP address was 11.22.33.44, spamdyke 
would add 11.22.33.44 to its IP whitelist.  From that point on, spamdyke 
would behave as it does now.

At least, that's my understanding of how DynDNS needs to be supported.  
It would increase the number of DNS queries, so it would have to be used 
sparingly.

-- Sam Clippinger

Eric Shubert wrote:
> Are you simply talking about a right-hand whitelist?
>
> That could be useful in some situations. For instance, I recently came
> across a mailer who was being rejected due to DENIED_RDNS_RESOLVE, so I
> whitelisted the IP (instead of turning off that check). I would rather
> whitelist the domain name though, in case they change their server's IP
> address (which I figure is a fair chance of happening given that it's
> presently not quite correct).
>
> I don't think this should apply to relays (non-local mail) though.
>
> Am I missing something here?
>
> Sam Clippinger wrote:
>   
>> SMTP AUTH is definitely the best option, if you can configure postfix to 
>> perform it for outbound email.
>>
>> I don't use DynDNS myself -- what would be required to support it?  
>> Would spamdyke need to find the IP address(es) of a (list of) DynDNS 
>> name(s), then add those IP address(es) to the whitelist?  If that's all 
>> it would take, I don't think that would be very hard.
>>
>> -- Sam Clippinger
>>
>> Christian Aust wrote:
>> 
>>> Hi all,
>>>
>>> I'm using the latest release of spamdyke, and it's working great -  
>>> thanks a lot.
>>>
>>> Now I'd like to have my home server relay it's mail through the main  
>>> mail system. Spamdyke blocks the connecton with DENIED_IP_IN_CC_RDNS,  
>>> because the home system certainly connects using a non-static IP which  
>>> happens to have the ip in it's RDNS name. spamdyke is working  
>>> perfectly and is doing what it has been told.
>>>
>>> But how could I allow my satellite server to actually send mail  
>>> through this relay? If I could instruct spamdyke to check the IP  
>>> against some given dyndns name (and allow if the IPs match) it would  
>>> be all right, but AFAIK spamdyke doesn't offer such option. Or, does it?
>>>
>>> Any other ideas? BTW: I'm running postfix on the satellite and  
>>> (obviously) qmail on the main server. Best regards,
>>>
>>> Christian
>>>   
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Allow trusted relays from dynamic ips

2008-04-21 Thread Eric Shubert 
Are you simply talking about a right-hand whitelist?

That could be useful in some situations. For instance, I recently came
across a mailer who was being rejected due to DENIED_RDNS_RESOLVE, so I
whitelisted the IP (instead of turning off that check). I would rather
whitelist the domain name though, in case they change their server's IP
address (which I figure is a fair chance of happening given that it's
presently not quite correct).

I don't think this should apply to relays (non-local mail) though.

Am I missing something here?

Sam Clippinger wrote:
> SMTP AUTH is definitely the best option, if you can configure postfix to 
> perform it for outbound email.
> 
> I don't use DynDNS myself -- what would be required to support it?  
> Would spamdyke need to find the IP address(es) of a (list of) DynDNS 
> name(s), then add those IP address(es) to the whitelist?  If that's all 
> it would take, I don't think that would be very hard.
> 
> -- Sam Clippinger
> 
> Christian Aust wrote:
>> Hi all,
>>
>> I'm using the latest release of spamdyke, and it's working great -  
>> thanks a lot.
>>
>> Now I'd like to have my home server relay it's mail through the main  
>> mail system. Spamdyke blocks the connecton with DENIED_IP_IN_CC_RDNS,  
>> because the home system certainly connects using a non-static IP which  
>> happens to have the ip in it's RDNS name. spamdyke is working  
>> perfectly and is doing what it has been told.
>>
>> But how could I allow my satellite server to actually send mail  
>> through this relay? If I could instruct spamdyke to check the IP  
>> against some given dyndns name (and allow if the IPs match) it would  
>> be all right, but AFAIK spamdyke doesn't offer such option. Or, does it?
>>
>> Any other ideas? BTW: I'm running postfix on the satellite and  
>> (obviously) qmail on the main server. Best regards,
>>
>> Christian
-- 
-Eric 'shubes'
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Allow trusted relays from dynamic ips

2008-04-21 Thread Andras Korn 
On Mon, Apr 21, 2008 at 04:58:09PM +0200, Bgs wrote:

>   First of all: smtp auth is _the_ answer indeed :)

Yes.

> But if it gets to a new feature, I think this is how it could work:

ipsvd already supports dyndns-based differentiation.

You could use it to spawn qmail-smtpd directly (i.e. without spamdyke) for
connections from hosts authenticated via dyndns.

Of course, it would also be possible to just set an environment variable in
ipsvd, which spamdyke could consult, but ennvars are the Work of the Devil.
SCNR. :)

Andras

-- 
 Andras Korn 
  QOTD:
*Real* real programmers use 'bzcat > a.out' 'cause you can type faster.
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Allow trusted relays from dynamic ips

2008-04-21 Thread Bgs 

  First of all: smtp auth is _the_ answer indeed :)

But if it gets to a new feature, I think this is how it could work:

The actual check would be: check all fqdn-s in the dyndns_whitelist and 
get their IP. If any of them matches the source IP, it gets whitelisted.

The problem is that this would be very resource consuming. Spamdyke 
already does a nice amount of DNS requests and even with a few items on 
this list, this can double, triple, etc. the number of requests. The 
only way that this could work would be a centralized solution similar to 
the recipient system due to come in 5.0.0. At least this is my 2c :)

Regards
Bgs

Sam Clippinger wrote:
> SMTP AUTH is definitely the best option, if you can configure postfix to 
> perform it for outbound email.
> 
> I don't use DynDNS myself -- what would be required to support it?  
> Would spamdyke need to find the IP address(es) of a (list of) DynDNS 
> name(s), then add those IP address(es) to the whitelist?  If that's all 
> it would take, I don't think that would be very hard.
> 
> -- Sam Clippinger
> 
> Christian Aust wrote:
>> Hi all,
>>
>> I'm using the latest release of spamdyke, and it's working great -  
>> thanks a lot.
>>
>> Now I'd like to have my home server relay it's mail through the main  
>> mail system. Spamdyke blocks the connecton with DENIED_IP_IN_CC_RDNS,  
>> because the home system certainly connects using a non-static IP which  
>> happens to have the ip in it's RDNS name. spamdyke is working  
>> perfectly and is doing what it has been told.
>>
>> But how could I allow my satellite server to actually send mail  
>> through this relay? If I could instruct spamdyke to check the IP  
>> against some given dyndns name (and allow if the IPs match) it would  
>> be all right, but AFAIK spamdyke doesn't offer such option. Or, does it?
>>
>> Any other ideas? BTW: I'm running postfix on the satellite and  
>> (obviously) qmail on the main server. Best regards,
>>
>> Christian
>> ___
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.org
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>   
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> 
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Allow trusted relays from dynamic ips

2008-04-21 Thread Sam Clippinger 
SMTP AUTH is definitely the best option, if you can configure postfix to 
perform it for outbound email.

I don't use DynDNS myself -- what would be required to support it?  
Would spamdyke need to find the IP address(es) of a (list of) DynDNS 
name(s), then add those IP address(es) to the whitelist?  If that's all 
it would take, I don't think that would be very hard.

-- Sam Clippinger

Christian Aust wrote:
> Hi all,
>
> I'm using the latest release of spamdyke, and it's working great -  
> thanks a lot.
>
> Now I'd like to have my home server relay it's mail through the main  
> mail system. Spamdyke blocks the connecton with DENIED_IP_IN_CC_RDNS,  
> because the home system certainly connects using a non-static IP which  
> happens to have the ip in it's RDNS name. spamdyke is working  
> perfectly and is doing what it has been told.
>
> But how could I allow my satellite server to actually send mail  
> through this relay? If I could instruct spamdyke to check the IP  
> against some given dyndns name (and allow if the IPs match) it would  
> be all right, but AFAIK spamdyke doesn't offer such option. Or, does it?
>
> Any other ideas? BTW: I'm running postfix on the satellite and  
> (obviously) qmail on the main server. Best regards,
>
> Christian
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>   
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Allow trusted relays from dynamic ips

2008-04-20 Thread Eric Shubert 
Christian Aust wrote:
> Hi all,
> 
> I'm using the latest release of spamdyke, and it's working great -  
> thanks a lot.
> 
> Now I'd like to have my home server relay it's mail through the main  
> mail system. Spamdyke blocks the connecton with DENIED_IP_IN_CC_RDNS,  
> because the home system certainly connects using a non-static IP which  
> happens to have the ip in it's RDNS name. spamdyke is working  
> perfectly and is doing what it has been told.
> 
> But how could I allow my satellite server to actually send mail  
> through this relay? If I could instruct spamdyke to check the IP  
> against some given dyndns name (and allow if the IPs match) it would  
> be all right, but AFAIK spamdyke doesn't offer such option. Or, does it?
> 
> Any other ideas? BTW: I'm running postfix on the satellite and  
> (obviously) qmail on the main server. Best regards,
> 
> Christian

Configure your satellite server to authenticate (and probably use TLS too so
your authentication password isn't sent in the clear), then spamdyke will
bypass all filters.

-- 
-Eric 'shubes'
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

[spamdyke-users] Allow trusted relays from dynamic ips

2008-04-20 Thread Christian Aust 
Hi all,

I'm using the latest release of spamdyke, and it's working great -  
thanks a lot.

Now I'd like to have my home server relay it's mail through the main  
mail system. Spamdyke blocks the connecton with DENIED_IP_IN_CC_RDNS,  
because the home system certainly connects using a non-static IP which  
happens to have the ip in it's RDNS name. spamdyke is working  
perfectly and is doing what it has been told.

But how could I allow my satellite server to actually send mail  
through this relay? If I could instruct spamdyke to check the IP  
against some given dyndns name (and allow if the IPs match) it would  
be all right, but AFAIK spamdyke doesn't offer such option. Or, does it?

Any other ideas? BTW: I'm running postfix on the satellite and  
(obviously) qmail on the main server. Best regards,

Christian
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users