RBL and trusted users from blacklisted IP addresses
Alex Neuman van der Hans
alex at nkpanama.com
Wed Aug 2 19:01:47 IST 2006
My only suggestion would be to avoid POP-before-SMTP altogether and
institute SMTP AUTH. It will avoid many problems and add an additional
level of accountability for your users. Look for a thread here started
by Muhammad Nauman (if I recall correctly) regarding the advantages of this.
Otherwise, to fiddle around too much with headers (even to go as far as
rewriting them) is usually not kosher.
ewr at erols.com wrote:
> This is probably as much of a sendmail question as a mailscanner question,
> but I figured I'd start here.
> My mail server is set up to use pop-before-smtp for authentication. When a
> user pops their email from the server, the IP address that they are checking
> their mail from gets added to sendmail's access.db for 10 minutes. It is
> inserted into the file as "<ip> RELAY".
> I am using mailscanner/spamassassin to scan all incoming mails.
> "Spam List = OORDB-RBL SBL+XBL" is set in mailscanner.conf
> My users are spread out around the country and connect to the internet from
> constantly changing locations. Most of the time everything works great.
> The problem I am occassionally running into is that my users will
> occassionally try to send email from a black-listed IP address. This is
> happening more and more as my users begin to use their laptops at hotels,
> use Verizon wireless cards, etc. If one of my users trys to send an email
> to another user on my system from an RBL'd IP address, the email will be
> marked as spam.
> I don't have a complete understanding of the order of how sendmail processes
> the headers, passes the email to mailscanner, etc... But I suspect that
> there must be some way to prevent these mails from being marked as spam.
> I have a considered a few approaches, but haven't figured out how to
> actually accomplish any of them yet:
> #1) Is there a way to rewrite the IP address in the "Recieved" header in the
> email after it is accepted for RELAY? I know I trust the email after it
> makes it past the "access.db", so I could just put one of my own IP
> addresses in there.
> #2) Is there a way to check the IP against a dynamic white-list and mark it
> as non-spam no matter what? I can probably update our pop-before-smtp to
> update another whitelist.
> Any suggestions would be greatly appreciated. We do have a VPN and if a
> user uses the VPN there is no problem, but for various reasons VPN access
> isn't always available.
More information about the MailScanner