[Mimedefang] 100K SA limit doesn't seem to be enough any more :(

Cormack, Ken Ken.Cormack at yrcw.com
Wed Mar 19 13:18:24 EDT 2008


> Is it far fetched that some US company would use foreign e-mail provider?

Our customer base is mostly US, with some Canadian and Mexico-based ip
addresses (given that the company services all of North America.)  In cases
(like the manufacturer of some of the trucks, where they are based out of
Sweden), we either whitelist the particular known IP addresses (and block
the rest of the country), or not block the country as a whole.

> So how much does it actually help to block whole countries, instead of just
> using very strict blacklists and dynamic patterns etc? I don't think that
> much.

Your mileage will vary, depending upon in what order you perform your
various checks and execute your rules.  If you perform the GeoIP block
before checking SPF records, and doing greylisting, and running
spamassassin, and running virus scans, etc., it will obviously block more
traffic.  Put this test after all those other kinds of tests, and obviously,
it will be less effective/significant.

> You should at least pass mail to postmaster from everywhere (don't know if
> you already do it) and mention clearly something like "contact
> postmaster at xxx for help" in your rejects, which you don't seem to.

You are correct, in that the rule, being placed in filter_sender, makes no
provision for allowing to postmaster, from ip addresses otherwise blocked
based on country of origin.  Placing the rule in filter_recipient and
examining $recip would accommodate that very easily, but management was fine
with "if we don't do business there, then don't accept connections."  In
other words, it was a local policy decision to code it as is.

Likewise, I don't see any specific exemption for postmaster as a recipient,
in sendmail's own blacklisting mechanisms.

For example:

	FEATURE(enhdnsbl, `sbl.spamhaus.org', `"550 5.7.1 Mail from "$&{client_addr}" rejected - see http://www.spamhaus.org/query/bl?ip="$&{client_addr}', `t', `127.0.0.2.')

Unless I'm missing something, the above, in a sendmail.mc file, makes no
provision for allowing for "postmaster" as a recipient, from an otherwise
blacklisted ip.

Ken
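
The filter_recipient variant discussed above, with the postmaster exemption and per-IP whitelist, as an added example that is not part of the original post and not the poster's actual filter. The country codes, IP addresses and the country_of() lookup table are constructed placeholders; a real filter would query a GeoIP database there.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: placeholder country codes refused by local policy.
my %BLOCKED_COUNTRY = map { $_ => 1 } qw(XX YY);

# Assumption: known-good relays inside a blocked country (constructed addresses).
my %WHITELISTED_IP = ('192.0.2.10' => 1);

# Hypothetical lookup standing in for a GeoIP database query.
# Constructed sample data; returns undef for an unknown address.
my %SAMPLE_GEO = (
    '192.0.2.10'   => 'XX',
    '198.51.100.7' => 'XX',
    '203.0.113.5'  => 'US',
);
sub country_of { my ($ip) = @_; return $SAMPLE_GEO{$ip}; }

# True when the local part of "<Postmaster@Example.COM>" is postmaster.
sub is_postmaster {
    my ($recip) = @_;
    $recip =~ s/^<|>$//g;                  # strip the angle brackets
    my ($local) = split /\@/, $recip, 2;
    return lc($local // '') eq 'postmaster';
}

# MIMEDefang calls this once per RCPT TO; the first three arguments
# are the recipient, the envelope sender and the relay IP.
sub filter_recipient {
    my ($recip, $sender, $ip, @rest) = @_;

    return ('CONTINUE', 'ok') if is_postmaster($recip);   # always reachable
    return ('CONTINUE', 'ok') if $WHITELISTED_IP{$ip};    # known partner relay

    my $cc = country_of($ip);
    if (defined $cc && $BLOCKED_COUNTRY{$cc}) {
        return ('REJECT',
            "Mail from $ip refused by local policy; contact postmaster for help");
    }
    return ('CONTINUE', 'ok');
}

# Constructed demonstration: recipient and relay IP pairs.
for my $case (['<user@example.com>',       '198.51.100.7'],
              ['<Postmaster@example.com>', '198.51.100.7'],
              ['<user@example.com>',       '192.0.2.10'],
              ['<user@example.com>',       '203.0.113.5']) {
    my ($code, $msg) = filter_recipient($case->[0], '<sender@example.net>', $case->[1]);
    printf "%-26s from %-13s -> %s\n", $case->[0], $case->[1], $code;
}
```

Only the first constructed case is rejected. A CONTINUE for postmaster ends the recipient test only, so that mail is still subject to the filter's later content checks.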


