On Tue, 10 Aug 2004, LuKreme wrote:

> On 10 Aug 2004, at 18:32, David B Funk wrote:
> > It does have one limitation; the sending mail server needs to have
> > a valid R-DNS listing. In this particular case it doesn't so you CANNOT
> > use whitelist_from_rcvd here.
>
> Does it simply need to be valid, or does it need to be identical?
>
> My mail server does double duty as my secondary MX, so the r-DNS for
> 64.140.43.68 is ns2.covisp.net instead of mail.covisp.net.  Is the fact
> that the domain and tld are the same good enough for
> whitelist_from_rcvd?

I think that you didn't understand me. I was talking about the
sending mail server, not the receiving mail server.
(Of course if you're talking about getting other people to whitelist
the stuff you send them, then your server DNS configs do become
germane to this issue ;).

Maybe a little example will clarify things.
One of my incoming MX servers is: server15.icaen.uiowa.edu and its
IP is in my 'trusted_networks' list.

To whitelist mailings that our users receive from United Airlines,
I have a whitelist_from_rcvd entry like:

whitelist_from_rcvd [EMAIL PROTECTED]  united.com

And the relevant header from a mail message looks like:

Received: from ulsmlbx02.mail.united.com (ulsmlbx02.mail.united.com [209.87.114.72])
        by server15.icaen.uiowa.edu (8.12.9/8.12.9) with ESMTP id i7B4ZeEw006246
        for <[EMAIL PROTECTED]>;  (envelope-from <[EMAIL PROTECTED]>)
        Tue, 10 Aug 2004 23:35:40 -0500 (CDT)
From: United E-Fares <[EMAIL PROTECTED]>

Now the first part of that header "from ulsmlbx02.mail.united.com" is the
HELO that -their- server gave (and thus is under their control).
The second part of that header "(ulsmlbx02.mail.united.com [209.87.114.72])"
was added by my sendmail daemon. It took the IP address that it saw in
the connection "[209.87.114.72]", did a R-DNS lookup on it, got the
host-FQDN, did a F-DNS lookup on that and saw that the F & R entries
matched (thus was a valid entry).
Note that it is the Host-FQDN -inside- those parens that SA is looking
for to use in the whitelist_from_rcvd, it ignores the HELO name.

If the F & R lookups did -NOT- match, sendmail would not put a hostname
inside those parens. (IE it would have only had "([209.87.114.72])"
there). Then the whitelist_from_rcvd would not have applied.

Thus if the DNS servers for united.com get barfed up, whitelist_from_rcvd
does not work. Of course, it also depends upon your MTA generating
proper headers that SA can parse to extract the pertinent info.


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
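
Added example (not part of the original message, and not SpamAssassin's own code): a small Python sketch of the check described above, reading the rDNS name inside the parens of a sendmail-style Received header and ignoring the HELO name. It assumes the header passed in is the one written by the trusted MX; the addresses and the third header are constructed placeholders, since the real addresses are redacted on the page.

```python
import fnmatch
import re

# Sendmail style: "from HELO (RDNS [IP])", or "from HELO ([IP])" when the
# forward and reverse lookups did not match.
RECEIVED_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[^\]]+)\]\)",
    re.IGNORECASE)

def parse_received(header):
    """Return (helo, rdns, ip); rdns is None when the MTA recorded only the IP."""
    value = " ".join(header.split())              # unfold continuation lines
    if value.lower().startswith("received:"):
        value = value[len("received:"):].strip()
    m = RECEIVED_RE.match(value)
    return (m.group("helo"), m.group("rdns"), m.group("ip")) if m else None

def rdns_matches(rdns, domain):
    """True if rdns is the domain itself or a host under it (label boundary)."""
    rdns, domain = rdns.lower().rstrip("."), domain.lower()
    return rdns == domain or rdns.endswith("." + domain)

def whitelisted(from_addr, header, addr_glob, domain):
    """Both the address glob and the verified rDNS name must match."""
    parsed = parse_received(header)
    if parsed is None or parsed[1] is None:       # no verified hostname
        return False
    return (fnmatch.fnmatchcase(from_addr.lower(), addr_glob.lower())
            and rdns_matches(parsed[1], domain))

# Placeholder address and glob (constructed; the page redacts the real ones).
FROM = "efares@placeholder.example"
GLOB = "*@placeholder.example"
BY = "\n\tby server15.icaen.uiowa.edu (8.12.9/8.12.9) with ESMTP"
# Header from the message above.
GOOD = ("Received: from ulsmlbx02.mail.united.com "
        "(ulsmlbx02.mail.united.com [209.87.114.72])" + BY)
# Same sender when the F & R lookups do not match: only the IP is recorded.
NO_RDNS = "Received: from ulsmlbx02.mail.united.com ([209.87.114.72])" + BY
# Constructed: HELO claims united.com, verified rDNS is something else.
FORGED = ("Received: from mail.united.com "
          "(host.notunited.example [192.0.2.10])" + BY)

if __name__ == "__main__":
    for name, hdr in (("good", GOOD), ("no-rdns", NO_RDNS), ("forged", FORGED)):
        print(name, parse_received(hdr), whitelisted(FROM, hdr, GLOB, "united.com"))
```

Other Received layouts (ident strings, "may be forged" annotations, other MTAs) are not handled by this pattern.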