RCVD_IN_BSP_TRUSTED

Furnish, Trever G TGFurnish at herffjones.com
Mon Oct 23 23:06:08 IST 2006


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of Jim Coates
> Sent: Monday, October 23, 2006 5:51 PM
> To: 'MailScanner discussion'
> Subject: RE: RCVD_IN_BSP_TRUSTED
> 
> 
> >On 23/10/06, Jim Coates <jimc at laridian.com> wrote:
> >> > -----Original Message-----
> >> > From: mailscanner-bounces at lists.mailscanner.info
> >> [mailto:mailscanner-bounces at lists.mailscanner.info] On 
> Behalf Of Matt Kettler
> >> > Sent: Monday, October 23, 2006 1:18 PM
> >> > To: MailScanner discussion
> >> > Subject: Re: RCVD_IN_BSP_TRUSTED
> >> >
> >> > Jim Coates wrote:
> >> 2) All of the emails I looked at where actually retrieved from a 
> >> common mail server at our ISP via fetchmail to our private mail 
> >> server.  IE - all of those were delivered to a backup mail server, 
> >> then fetched via fetchmail to our primary box.
> >
> >And fetchmail (in its blessedly naive way:-):-) will retransmitt
> >every mail from that "backup MX" as a locally submitted mail.
> >Presto, there you have it.
> 
> Yes, the backup mail server is one that is shared among 
> various domains hosted at the rack space where our servers 
> are located, so I really don't have the choice of modifying them.
> 
> I guess I will take a look at modifying the rules since it 
> seems that everything is working properly, and see what happens.
> 
> Thanks!
> Jim

Forgive me if this isn't helpful -- not completely sure I understand why
you're using fetchmail.

If your intent in using fetchmail is simply to have all connections from
the public go to the ISP mail server, then you don't need to use
fetchmail for that.  Just use iptables (or whatever the appropriate
firewall is in your case) to reject connections on your final mx from
everything accept the ISP mx server, and have the ISP server deliver
your mail to you "normally" (ie immediately, via smtp initiated by their
side) instead of whatever you're doing with fetchmail.

Of course, if your reason for using fetchmail is more esoteric than
that, this doesn't help you one bit and I apologize for chiming in. :-)

--
Trever


More information about the MailScanner mailing list