Which IP is tested by the RBLs?

2014-03-28 Thread Pat Traynor

My PC is connected via a Verizon dynamically-allocated IP address, which
is on several RBLs.  If I send mail directly from my PC to my linux mail
server, spamassassin flags it.  This is generally not a big deal for me,
as I usually use a mail client on the server itself.

However, from time to time, I'll use a mail client on my PC just for
convenience.

What I want to know is this...  If I send an email from my PC to someplace
remote, it first gets accepted by my linux mail server and then moves on
from there.  If the destination machine is running spamassassin, does
it test the original IP address of my Verizon-connected PC, or does it
test the IP address of my linux server?

--pat--
--
Pat Traynor
p...@ssih.com


Re: Which IP is tested by the RBLs?

2014-03-28 Thread Matus UHLAR - fantomas

On 28.03.14 15:23, Pat Traynor wrote:

My PC is connected via a Verizon dynamically-allocated IP address, which
is on several RBLs.  If I send mail directly from my PC to my linux mail
server, spamassassin flags it.  This is generally not a big deal for me,
as I usually use a mail client on the server itself.

However, from time to time, I'll use a mail client on my PC just for
convenience.

What I want to know is this...  If I send an email from my PC to someplace
remote, it first gets accepted by my linux mail server and then moves on
from there.  If the destination machine is running spamassassin, does
it test the original IP address of my Verizon-connected PC, or does it
test the IP address of my linux server?


The remote machine will check your IP in blacklists.
However, not for dynamic IPs, only if your PC was their MX (and thus in
their internal_networks). However your IP will still be checked for
blacklist that contain hacked, zombie and other abusing IPs.

...of course, all with properly set up SA or similar spam filter.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
The early bird may get the worm, but the second mouse gets the cheese. 


Re: Which IP is tested by the RBLs?

2014-03-28 Thread Kevin A. McGrail

On 3/28/2014 3:23 PM, Pat Traynor wrote:

My PC is connected via a Verizon dynamically-allocated IP address, which
is on several RBLs.  If I send mail directly from my PC to my linux mail
server, spamassassin flags it.  This is generally not a big deal for me,
as I usually use a mail client on the server itself.

However, from time to time, I'll use a mail client on my PC just for
convenience.

What I want to know is this...  If I send an email from my PC to someplace
remote, it first gets accepted by my linux mail server and then moves on
from there.  If the destination machine is running spamassassin, does
it test the original IP address of my Verizon-connected PC, or does it
test the IP address of my linux server?

--pat--

Depends on the specific RBL.  Some do deep header parsing and check all
the received headers.  Some test only the last received header before
any trusted header, etc.


The best answer is typically to use authenticated email to your server 
to make sure you don't involve whatever ISP you happen to be using.


However, I still see this issue from time to time when staying at hotels 
where different RBLs will hit the IP from the hotel I'm staying at.  In 
those cases, I unfortunately usually tunnel over a VPN or similar to 
remove the ISP from the entire picture.


Regards,
KAM


Re: Which IP is tested by the RBLs?

2014-03-28 Thread John Hardin

On Fri, 28 Mar 2014, Kevin A. McGrail wrote:


On 3/28/2014 3:23 PM, Pat Traynor wrote:

 My PC is connected via a Verizon dynamically-allocated IP address, which
 is on several RBLs.  If I send mail directly from my PC to my linux mail
 server, spamassassin flags it.  This is generally not a big deal for me,
 as I usually use a mail client on the server itself.

 However, from time to time, I'll use a mail client on my PC just for
 convenience.

 What I want to know is this...  If I send an email from my PC to someplace
 remote, it first gets accepted by my linux mail server and then moves on
 from there.  If the destination machine is running spamassassin, does
 it test the original IP address of my Verizon-connected PC, or does it
 test the IP address of my linux server?


The best answer is typically to use authenticated email to your server to 
make sure you don't involve whatever ISP you happen to be using.


Or set up an SSH tunnel to 25/tcp on your hosted server so that the 
PC-MTA first hop comes from 127.0.0.1


That's what I do.

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Think Microsoft cares about your needs at all?
  A company wanted to hold off on upgrading Microsoft Office for a
  year in order to do other projects. So Microsoft gave a 'free' copy
  of the new Office to the CEO -- a copy that of course generated
  errors for anyone else in the firm reading his documents. The CEO
  got tired of getting the 'please re-send in XX format' so he
  ordered other projects put on hold and the Office upgrade to be top
  priority.  -- Cringely, 4/8/2004
---
 4 days until April Fools' day


Re: Which IP is tested by the RBLs?

2014-03-28 Thread Kris Deugau

Pat Traynor wrote:

 My PC is connected via a Verizon dynamically-allocated IP address, which
 is on several RBLs.  If I send mail directly from my PC to my linux mail
 server, spamassassin flags it.  This is generally not a big deal for me,
 as I usually use a mail client on the server itself.
 
 However, from time to time, I'll use a mail client on my PC just for
 convenience.
 
 What I want to know is this...  If I send an email from my PC to someplace
 remote, it first gets accepted by my linux mail server and then moves on
 from there.  If the destination machine is running spamassassin, does
 it test the original IP address of my Verizon-connected PC, or does it
 test the IP address of my linux server?

*Most* of the IP DNSBLs will be checked for the IP of your server.

The only one I know of offhand that will be checked for your home IP is
the Spamhaus SBL sublist.

Unfortunately, the places you'll have trouble with are places with
filter appliances made by a fairly well-known company I'll leave
nameless, whose local admins and/or consultants have (mis)configured
these devices to do lookups on all the IPs.  These sites haven't yet
discovered the inevitable mess this causes by blocking mail relayed by a
perfectly legitimate colo machine but originating from, for example, an
IP range listed on the Spamhaus PBL.  Or the filter appliance company's
own DNSBL.

I see a case of this once a month or so;  some innocent user on our
network sends a message through our designated relay, but the message is
rejected with a reference to that user's home connection at the time the
message was sent, based on a DNSBL that should NOT be used for that lookup.

(PBL entries in particular are submitted in part by the netblock
owner/operators themselves, as IP ranges which should not be generating
direct-to-MX email traffic.  Most other DNSBLs list data in a similar
context;  they should not be used for deep inspection of the Received:
chain, just the IP that relayed the message to your server/network.)

-kgd
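
An added illustration, not part of any post in this thread: the difference between checking only the relay that handed the message to the receiving site and walking the whole Received: chain, run over a constructed message. The hostnames, the addresses (RFC 5737 documentation ranges), the `dnsbl.example` zone and the function names are all assumptions; no DNS lookup is performed.

```python
import email
import ipaddress
import re

# Constructed sample: PC on a dynamic IP -> sender's own server -> recipient MX.
# Hostnames are made up; addresses are RFC 5737 documentation ranges.
RAW = """\
Received: from mail.sender.example (mail.sender.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Fri, 28 Mar 2014 15:24:02 -0400
Received: from pats-pc (pool-77.dyn.example [203.0.113.77])
\tby mail.sender.example with ESMTPA; Fri, 28 Mar 2014 15:24:00 -0400
From: pat@sender.example
Subject: test

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw):
    """Connecting IP of each Received header, newest hop first."""
    ips = []
    for hdr in email.message_from_string(raw).get_all("Received", []):
        # Only the part before "by" describes the host that connected.
        m = BRACKETED_IP.search(re.split(r"\s+by\s+", hdr, maxsplit=1)[0])
        if m:
            ips.append(ipaddress.ip_address(m.group(1)))
    return ips

def dnsbl_name(ip, zone):
    """DNSBL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def queries(raw, trusted, zone, deep=False):
    """Names to look up. trusted = the receiving site's own relays (CIDRs).
    deep=False: only the relay that handed the message to the site.
    deep=True: every untrusted hop (the misconfiguration described above)."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    external = [ip for ip in relay_ips(raw)
                if not any(ip in net for net in nets)]
    return [dnsbl_name(ip, zone) for ip in (external if deep else external[:1])]

if __name__ == "__main__":
    for deep in (False, True):
        print(deep, queries(RAW, ["192.0.2.0/24"], "dnsbl.example", deep))
```

With `deep=True` the sender's home address is queried as well, which is how a message relayed through a legitimate server ends up rejected for a dynamic-range listing.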


Re: Which IP is tested by the RBLs?

2014-03-28 Thread Benny Pedersen

Kris Deugau wrote on 2014-03-28 20:51:


(PBL entries in particular are submitted in part by the netblock
owner/operators themselves, as IP ranges which should not be generating
direct-to-MX email traffic.  Most other DNSBLs list data in a similar
context;  they should not be used for deep inspection of the Received:
chain, just the IP that relayed the message to your server/network.)


PBL is managed by Spamhaus and ISP owners; with 127.0.0.10 and
127.0.0.11 it can be tested separately. I wish all dynamic IPs were
listed in PBL, then spam problems would be gone, since ideally all mail
users would use SASL auth to their mail provider, which will then not care
whether the origin IP is listed in PBL or not.


Here I just use Postfix with postscreen RBL testing; thus dnswl also
keeps most good servers in, to be tested on content later in
SpamAssassin, while only a few mails that could be spam are tested,
while Postfix rejects all the rest via RBL/DMARC/SPF here.


To the OP: start DKIM-signing your mails and see if you can be listed in
dnswl.org as a good sender if you have a static server IP; this is the
beginning of not being listed as a spamming IP.


Around a year ago I had a Spamhaus PBL listing, where my ISP could
see they needed to make that not happen when I paid for a static
IP, listed separately in ripe.net, so at that point I could not send mails
to one more of their customers with an ISP-hosted email address. I called
them and got them to agree this was something they either resolve or get
less money for my so-called static IP :=)


BTW, dhcp in a hostname does not say it's dynamic; a separate listing is
the best proof that it's static. When my RIPE listing is gone, it will be
a static pool, where there could be, silly or not silly, dynamic clients in
it :(