[Mimedefang] Cross-Post about SA Rule RCVD_IN_DYNABLOCK returning false positives

VonEssen, John VonEssJ at intelihealth.com
Fri Oct 3 09:57:01 EDT 2003


I secure relaying by implementing a POP before SMTP scheme. IPs of all successful POP3 logins for the last 30 minutes are put into a sendmail map. SMTP relaying is only allowed for those IPs.

I disagree with you regarding my case being unique. What about people who purchase their own domain and go with hostway or valueweb? To use @theirdomain.com email, hostway or valueweb gives them access to use their non-ISP mail server. When I was at Penn State, all mail was done via POP3/SMTP, so you would connect however (local ISP, DSL, etc.) and then just configure Outlook or Netscape to use your desired mail server.

I don't understand why NOT using your ISP's mail server is such a big deal. It's easy to allow remote and secure relaying. People have been doing it for years. It's like you're punishing the client because they use a third party mail server. Most clients do this because the ISP mail servers suck - no virus or spam filtering - or if they do have it, the quality is poor.

John


-----Original Message-----
From:	Nels Lindquist [mailto:nlindq at maei.ca]
Sent:	Thu 10/2/2003 8:35 PM
To:	mimedefang at lists.roaringpenguin.com
Cc:	
Subject:	RE: [Mimedefang] Cross-Post about SA Rule RCVD_IN_DYNABLOCK returning false positives

On 1 Oct 2003 at 11:29, VonEssen, John wrote:

> Blocking Dialup/DSL IPs of users who run their own local SMTP
> server for spamming... now that's a different story. But that is not
> what DYNABLOCK is doing.

That's exactly what it's *supposed* to be doing--the DYNABLOCK test 
should only kick in for the relay connecting directly to your MTA.  
Any "typical" dynamic IP address holder relaying outbound mail via 
their ISP's MTA shouldn't trigger this test.

However, as your post on SA-Talk explained, yours is a special case 
because you have clients connecting directly to your server.

By what method do you ensure that only your clients can relay through 
your server, though?  I'd expect the easiest way would be to utilize 
SMTP AUTH, and if that's the case, then you could simply avoid 
calling SpamAssassin for your clients' mail in the first place.

Within your mimedefang-filter, check for the presence of the 
appropriate Sendmail macro:

eg:

# Only scan mail from senders that did not authenticate via SMTP AUTH.
if (! exists($SendmailMacros{'auth_authen'})) {
    ($hits, $req, $tests, $report) = spam_assassin_check();
}

Or if you're authenticating by IP address, you could use:

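# Only scan mail whose connecting relay does not match the client pattern.
if ($RelayAddr !~ /$ClientRelays/) {
    ($hits, $req, $tests, $report) = spam_assassin_check();
}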

> Obviously, I'll just remove the DYNABLOCK test from SA. But like I said,
> the last couple of weeks/months have been very annoying given all these
> RBL issues. I might drop all of them except for a few (ORBD, SpamCop,
> etc.) and rely mainly on PYZOR, DCC, and content filters.

If you can avoid running SA for your clients' mail, then you 
shouldn't have to disable *any* tests for non-client mail.  

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
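
An added example, not part of either message: when SpamAssassin is skipped by relay address, an address list interpolated into an unanchored pattern (the shape of the `$RelayAddr !~ /$ClientRelays/` test) accepts more addresses than intended, so this Perl sketch compares it with a parsed CIDR check. The networks, sample addresses and the helper name `is_client_relay` are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. All addresses are constructed.
use strict;
use warnings;
use Socket qw(inet_aton);

# Hypothetical client allowlist in CIDR form.
my @client_nets = ('10.1.2.0/24', '192.0.2.10/32');

# Loose form: the same list interpolated into an unanchored pattern, the
# shape of `$RelayAddr !~ /$ClientRelays/`. Each '.' matches any character
# and nothing pins the start or end of the address.
my $loose = '10.1.2.|192.0.2.10';

# Strict form: parse every entry once into [network, mask] integers.
my @parsed = map {
    my ($ip, $bits) = split m{/}, $_;
    my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
    [ unpack('N', inet_aton($ip)) & $mask, $mask ];
} @client_nets;

sub is_client_relay {
    my ($addr) = @_;
    # Only a literal dotted quad can be a client; anything else is rejected.
    my @o = ($addr // '') =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return 0;
    return 0 if grep { $_ > 255 } @o;
    my $n = ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
    for my $net (@parsed) {
        return 1 if ($n & $net->[1]) == $net->[0];
    }
    return 0;
}

# In mimedefang-filter the strict check would gate the scan, e.g.:
#   unless (is_client_relay($RelayAddr)) { ... spam_assassin_check() ... }
my @samples = (
    '10.1.2.3',      # inside 10.1.2.0/24
    '210.1.2.9',     # "10.1.2." appears after a leading digit
    '10.142.7.1',    # pattern dots line up with '.', '4' and '.'
    '192.0.2.100',   # "192.0.2.10" followed by one more digit
    '198.51.100.7',  # unrelated address
);
for my $relay (@samples) {
    printf "%-13s loose=%d strict=%d\n", $relay,
        ($relay =~ /$loose/ ? 1 : 0), is_client_relay($relay);
}
```

Any address the check accepts bypasses content scanning entirely, so the allowlist should be built from parsed networks rather than from pattern text.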
