[Mimedefang] whitelist_from_rcvd question
Jan-Pieter Cornet
johnpc at xs4all.nl
Tue Jun 10 02:59:06 EDT 2008
On Mon, Jun 09, 2008 at 04:20:50PM -0400, Jason Bertoch wrote:
> I just asked this question over on the SA list only to find out that the
> whitelist entry matches when feeding SA directly from the command line.
>
>
> "whitelist_from_rcvd *@greencovesprings.com
> 75-145-201-209-Jacksonville.hfc.comcastbusiness.net"
>
> is in my sa-mimedefang.cf yet a message with the following headers didn't
> match. Any ideas?
Yes.
> Return-Path: <ggriffin at greencovesprings.com>
> Received: from [75.145.201.209]
> (75-145-201-209-Jacksonville.hfc.comcastbusiness.net [75.145.201.209] (may be forged))
                                                                        ^^^^^^^^^^^^^^^
Here's your problem. That host doesn't reverse properly.
mimedefang sees the message as it is originally delivered, without the
extra Received: header that your host, mail.electronet.net, adds to it.
Mimedefang synthesizes that header, but uses a slightly different format
than sendmail does. Among others, it doesn't add a "(may be forged)" in
case of a non-FCRDNS, but just adds the relay with the IP only.
My guess is that if you whitelist based on the IP address, it will
likely work.
> by mail.electronet.net (8.14.2/8.14.2) with ESMTP id m54DeD5V009962
> for <user at domain.com>; Wed, 4 Jun 2008 09:40:19 -0400
> From: "Gregg Griffin" <ggriffin at greencovesprings.com>
>
>
> The rules that did match are below. I'm running sendmail 8.14.2 with SA
> v3.2.4 and MD 2.63.
>
> X-Spam-Score: 5.221 (*****)
> BOTNET,HELO_EQ_IP_ADDR,HTML_MESSAGE,RDNS_NONE,UNPARSEABLE_RELAY
In this case, the BOTNET rules are biting you. Or the comcast support
staff clue level (or lack of it).
--
Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclaimer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs. !!
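The mismatch described in the message above, as an added example that is not part of the original post and is not SpamAssassin or MIMEDefang code. The IP-only header layout, the simplified matching rules and the function names are assumptions made for illustration; the sendmail-style header, the address and the IP are the ones quoted in the thread.

```python
import fnmatch
import re

# Sendmail-style relay info as quoted in the thread (rDNS name + IP + "may be forged").
SENDMAIL_HDR = ("from [75.145.201.209] (75-145-201-209-Jacksonville.hfc."
                "comcastbusiness.net [75.145.201.209] (may be forged)) "
                "by mail.electronet.net")
# Constructed stand-in for a header that carries the relay by IP only.
# The exact layout MIMEDefang synthesizes is not shown on the page (assumption).
IP_ONLY_HDR = "from [75.145.201.209] ([75.145.201.209]) by mail.electronet.net"

RDNS_NAME = "75-145-201-209-Jacksonville.hfc.comcastbusiness.net"
RELAY_RE = re.compile(r"\((?:(?P<rdns>[A-Za-z0-9.-]+) )?\[(?P<ip>[0-9.]+)\]")

def parse_relay(received):
    """Pull the relay's rDNS name (may be empty) and IP out of a Received line."""
    m = RELAY_RE.search(received)
    if m is None:
        return None
    return {"rdns": (m.group("rdns") or "").lower(), "ip": m.group("ip")}

def whitelist_from_rcvd(entry_addr, entry_relay, sender, relay):
    """Simplified model: the sender must match the address glob, and the relay
    must match by rDNS (host or parent domain) or by an exact bracketed IP."""
    if relay is None or not fnmatch.fnmatch(sender.lower(), entry_addr.lower()):
        return False
    if entry_relay.startswith("[") and entry_relay.endswith("]"):
        return relay["ip"] == entry_relay[1:-1]
    want = entry_relay.lower()
    return relay["rdns"] == want or relay["rdns"].endswith("." + want)

def evaluate():
    """Check both whitelist styles against both views of the same relay."""
    sender = "ggriffin@greencovesprings.com"
    entries = {"by_rdns": ("*@greencovesprings.com", RDNS_NAME),
               "by_ip": ("*@greencovesprings.com", "[75.145.201.209]")}
    views = {"sendmail": SENDMAIL_HDR, "ip_only": IP_ONLY_HDR}
    return {(e, v): whitelist_from_rcvd(addr, rel, sender, parse_relay(hdr))
            for e, (addr, rel) in entries.items()
            for v, hdr in views.items()}

if __name__ == "__main__":
    for (entry, view), hit in sorted(evaluate().items()):
        print(f"{entry:8s} vs {view:8s} -> {'match' if hit else 'no match'}")
```

Only the rDNS-based entry fails against the IP-only view, which is why the entry can match on the command line yet miss inside the filter.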