OT: implementing RBL in sendmail
Glenn Steen
glenn.steen at gmail.com
Thu Jun 23 13:29:55 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
On 6/23/05, Terran Wright <wright at cybervale.com> wrote:
> ----- Original Message -----
> From: "Alex Neuman van der Hans" <alex at nkpanama.com>
> To: <MAILSCANNER at jiscmail.ac.uk>
> Sent: Wednesday, June 22, 2005 8:21 PM
> Subject: Re: OT: implementing RBL in sendmail
>
>
> > Terran Wright wrote:
> >
> > >Good day all,
> > >
> > >Our setup is such that the Mailscanner box is the MX and it relays mails
> to
> > >the actual email server, outgoing mails are sent directly from the mail
> > >server. Based on what I've seen alot of mails bypass the MailScanner box
> and
> > >the vast majority of them are Spam and contain infected files.
> > >
> > >I added the following two lines to the sendmail.mc recently and did a
> > >make -C /etc/mail
> > >
> > >FEATURE(`dnsbl',`dnsbl.njabl.org',`"550 Mail from " $&{client_addr} "
> > >rejected - see http://njabl.org/"')dnl
> > >FEATURE(`dnsbl',`cbl.abuseat.org',`"550 Mail from " $&{client_addr} "
> > >rejected - see http://cbl.abuseat.org/"')dnl
> > >
> > >as recently as today I got a complaint about a mail that got through even
> > >though the IP address was listed at cbl.abuseat.org any ideas guys?
> > >
> > Is the actual email server available on the internet? If it is, people
> > might be trying to connect straight to its SMTP port and gathering the
> > info from the SMTP greeting message. If your actual server answers "220
> > BLABLAH.COM SMTP SERVER VERSION BLAH" then spammers will try to write to
> > "whatever at BLABLAH.COM" in order to fish for valid addresses.
> >
> > You need to put your actual server behind a firewall or have it admit
> > connections only from your mailscanner box.
>
> Yes the server is available on the internet.
>
> What impact will only accepting connections from the MailScanner box have on
> legitimate mails being delivered to the box. Isn't it the case that
> undelivered mails and the like are returned to the box that they come from
> and not to the MX of the domain they come from?
"Seem" is the key phrase. And if you route outgoing mails through the
MX "bastion", "seems" will equate "do". If you don't want the outgoing
mails to be checked for virus or spam, simply whitelist the internal
servers IP address.
After all, what is the point of a condom if you don't use it properly:-):-).
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list