Somewhat OT - how do I whitelist a host which is in a DNSBL in sendmail?
Howdy - I have two VMs at Digital Ocean, one on the east coast, one on the west. I'm running Sendmail-8.14.8-2.fc20.x86_64. I have several DNSBLs listed: FEATURE(`dnsbl',`in.dnsbl.org ')dnl FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl FEATURE(`dnsbl',`cbl.abuseat.org')dnl FEATURE(`dnsbl',`dul.dnsbl.sorbs.net')dnl Unfortunately, my home network is attached to a cable provider which shows up in dul.dnsbl.sorbs.net. Can I whitelist my IP address so that I can send mail through my mail servers? Right now, it gets rejected. Yeah, I know, I can always use my ISP's smtp server, I guess. But that kind of sucks. I would rather use mine. Purely a pride thing, I know. Thomas
Re: Somewhat OT - how do I whitelist a host which is in a DNSBL in sendmail?
On 07/24/2014 09:58 AM, Thomas Cameron wrote: Howdy - I have two VMs at Digital Ocean, one on the east coast, one on the west. I'm running Sendmail-8.14.8-2.fc20.x86_64. I have several DNSBLs listed: FEATURE(`dnsbl',`in.dnsbl.org ')dnl FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl FEATURE(`dnsbl',`cbl.abuseat.org')dnl FEATURE(`dnsbl',`dul.dnsbl.sorbs.net')dnl Unfortunately, my home network is attached to a cable provider which shows up in dul.dnsbl.sorbs.net. Can I whitelist my IP address so that I can send mail through my mail servers? Right now, it gets rejected. Yeah, I know, I can always use my ISP's smtp server, I guess. But that kind of sucks. I would rather use mine. Purely a pride thing, I know. Thomas Disregard. I was way over thinking it. A quick line in /etc/mail/access fixed it. Sorry for the noise. TC
Re: Somewhat OT - how do I whitelist a host which is in a DNSBL in sendmail?
s/somewhat// # ;) On Thu, 2014-07-24 at 09:58 -0500, Thomas Cameron wrote: I'm running Sendmail-8.14.8-2.fc20.x86_64. I have several DNSBLs listed: FEATURE(`dnsbl',`in.dnsbl.org ')dnl FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl FEATURE(`dnsbl',`cbl.abuseat.org')dnl FEATURE(`dnsbl',`dul.dnsbl.sorbs.net')dnl Unfortunately, my home network is attached to a cable provider which shows up in dul.dnsbl.sorbs.net. Can I whitelist my IP address so that I can send mail through my mail servers? Right now, it gets rejected. Not sendmail specific, and I wouldn't know the exact sendmail conf for this anyway, but: You should use authentication, and configure your SMTP to accept authenticated connections before rejecting based on DNSBLs. -- char *t=\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Somewhat OT - how do I whitelist a host which is in a DNSBL in sendmail?
On Thu, 24 Jul 2014, Thomas Cameron wrote: Howdy - I have two VMs at Digital Ocean, one on the east coast, one on the west. I'm running Sendmail-8.14.8-2.fc20.x86_64. I have several DNSBLs listed: FEATURE(`dnsbl',`in.dnsbl.org ')dnl FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl FEATURE(`dnsbl',`cbl.abuseat.org')dnl FEATURE(`dnsbl',`dul.dnsbl.sorbs.net')dnl Unfortunately, my home network is attached to a cable provider which shows up in dul.dnsbl.sorbs.net. Can I whitelist my IP address so that I can send mail through my mail servers? Right now, it gets rejected. Yeah, I know, I can always use my ISP's smtp server, I guess. But that kind of sucks. I would rather use mine. Purely a pride thing, I know. Thomas Thomas. Do you have 'MSA' port enabled for your sendmail? (IE port 567) and SMTP-AUTH? Then just skip the dnsbl checks for auth'ed mail submissions. You could whitelist your client IP address in your 'access' file but what happens when that address changes? (I assume your ISP gives you a DHCP address). -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{
Re: Somewhat OT - how do I whitelist a host which is in a DNSBL in sendmail?
On 07/24/2014 10:37 AM, Dave Funk wrote: Thomas. Do you have 'MSA' port enabled for your sendmail? (IE port 567) and SMTP-AUTH? Then just skip the dnsbl checks for auth'ed mail submissions. You could whitelist your client IP address in your 'access' file but what happens when that address changes? (I assume your ISP gives you a DHCP address). Hi, Dave - I actually have SMTP AUTH enabled, and it was working fine (albeit on port 25 with STARTTLS) until I added the DNSBL. Even connecting from my MUA (Thunderbird on Linux) to port 587 on my server, I get this (identifying info changed) in the log file if I enable the DNSBL: Jul 24 11:57:36 YYY dovecot: imap-login: Login: user=thomas.cameron, method=PLAIN, rip=1.2.3.4, lip=4.5.6.7 mpid=469, TLS, session=GG70g/L+xwBGw8l/ Jul 24 11:57:59 YYY sendmail[472]: ruleset=check_relay, arg1=cpe-.austin.res.rr.com, arg2=127.0.0.10, relay=cpe-.austin.res.rr.com [1.2.3.4], reject=550 5.7.1 Rejected: 68.203.17.142 listed at dul.dnsbl.sorbs.net TC