RBL checks

Jim Levie jim at ENTROPHY-FREE.NET
Tue Nov 26 19:44:58 GMT 2002


On Tue, 2002-11-26 at 12:37, Julian Field wrote:
> At 18:31 26/11/2002, you wrote:
> >Can MailScanner be configured to ignore the final sending address for
> >blacklist checking and check the address previous to the last?
>
> No. The only way to do that is to try and parse it out of the headers, and
> it is trivial for spammers to fake (I'm surprised how few do at the
> moment). All they need do is directly attack your mail server making the
> mail appear to come from somewhere safe and you will let it all in.
>
If done properly I don't see there being a problem with spammers forging
addresses. You don't arbitrarily skip the first header, but instead you
compare that MTA's IP to one that MailScanner expects as one of your
relay servers. Only if the first MTA is one of your relay servers do you
skip that and run the DNS BL checks against the second MTA. So, the
check winds up happening as if the relay server wasn't in the message
path.

I'm running a patched (sendmail only) version of 3.x that does this
right now. I haven't fielded 4.x on any production servers yet, partly
because I have to have that functionality for most of the sites where I
use MailScanner.

> >   The reason
> >for this is that I have a backup mail store and forward server in the event
> >that the primary one goes down (secondary MX record).
>
> Run MailScanner on all MX hosts and it isn't a problem. Having MX hosts
> configured differently is a classic way of leaving yourself open to attack.
> There is usually no good reason for your externally-visible MX hosts to
> have different configurations.
> --
That isn't always a possibility. There are cases where the mail relay
systems aren't owned or operated by the organization running
MailScanner. And even when you do own the relay servers it may not be
desirable to run MailScanner on those systems. A relay server doesn't
generally need a lot of CPU power. All it has to do is to be able to
keep up with the max inbound message rate and have enough disk space for
whatever volume of messages it will need to temporarily store, which
for most folks is going to be something on the order of what a T1 or two
can do.

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
The instructions said to use Windows 98 or better, so I installed RedHat
   Jim Levie                                 email:
jim at entrophy-free.net
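
The relay-aware selection described in this message, as an added example that is not part of the original post and is not MailScanner's or the patch's code. It assumes sendmail-style Received headers with the topmost one written by the local MTA, generalises the one-relay case to a chain of trusted relays, and uses constructed placeholder addresses, a placeholder DNSBL zone and constructed sample headers.

```python
import ipaddress
import re

# Constructed placeholders: relay address, DNSBL zone and sample headers.
TRUSTED_RELAYS = [ipaddress.ip_network("192.0.2.10/32")]
DNSBL_ZONE = "dnsbl.example"
VIA_RELAY = [  # newest first: our relay handed the message to us
    "from backup-mx.example.org (backup-mx.example.org [192.0.2.10]) by mail.example.org",
    "from sender.example (unknown [203.0.113.77]) by backup-mx.example.org",
]
DIRECT_FORGED = [  # outside host connects directly, with a forged relay hop below
    "from backup-mx.example.org (unknown [198.51.100.23]) by mail.example.org",
    "from safe.example (safe.example [192.0.2.10]) by backup-mx.example.org",
]

# Assumed format: "from HELO (rdns [peer-ip]) by ...". The HELO token is
# sender-supplied, so only the bracketed address inside the parentheses is read.
PEER_IP = re.compile(r"^from\s+\S+\s+\([^\[\]]*\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def peer_ip(received):
    """Return the peer address recorded in one Received header, or None."""
    m = PEER_IP.match(received.strip())
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:  # e.g. an octet above 255
        return None

def ip_to_check(received_headers):
    """Walk headers newest-first and return the first peer that is not a relay.

    A header is read only if the hop above it was one of our relays, so
    headers forged below the first untrusted hop are never consulted.
    """
    for header in received_headers:
        ip = peer_ip(header)
        if ip is None:
            return None  # unparseable hop: no verdict, caller decides
        if not any(ip in net for net in TRUSTED_RELAYS):
            return ip
    return None  # every recorded hop was one of our relays

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Build the DNS name to look up: reversed octets followed by the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone
```
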


