Spam Lists (DNS blocklists) and trusted networks
Hugo van der Kooij
hvdkooij at vanderkooij.org
Sun Aug 3 13:52:07 IST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Alex Broens wrote:
| On 8/3/2008 1:40 PM, Hugo van der Kooij wrote:
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|> ram wrote:
|> | If mail is being relayed to my MailScanner server from a MX server
|> | how do I check RBL's within MailScanner
|> | Can I specify MailScanner to look inside the headers for checking RBL's
|> | 1 Hop before the current relay server
|> | I know It is best to check RBL's at the MTA, but I want to use
|> | whitelists overriding RBL checks. That is why I moved the RBL checks to
|> | MailScanner from the MTA
|> This reminds me a bit of a nice feature in the Barracuda units.
|> They have a configuration option called "Trusted forwarders".
| You mean SA's internal_networks / trusted_networks? .-)
| Very well documented in the SA docs.
| "NETWORK TEST OPTIONS"
Well. It goes beyond what I read on
It means that if my Barracuda blocks on a RBL hit. It will also block
any message send through a trusted server if the IP address sending the
message to a trusted host is on that RBL.
I guess the framework is there in SA to distinguish the various MTA's.
But then one needs to write up rules to check any untrusted address in
the IP headers against any RBL that you care to use in your MTA and
block any message based on that match.
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the MailScanner