Mailscanner & redirected mail

Glenn Steen glenn.steen at gmail.com
Wed Jun 10 20:11:21 IST 2009


2009/6/10 Devon Harding <devonharding at gmail.com>:
>
>
> On Wed, Jun 10, 2009 at 8:36 AM, Glenn Steen <glenn.steen at gmail.com> wrote:
>>
>> 2009/6/10 Devon Harding <devonharding at gmail.com>:
>> >
>> >
>> > On Wed, Jun 10, 2009 at 3:34 AM, Julian Field
>> > <MailScanner at ecs.soton.ac.uk>
>> > wrote:
>> >>
>> >>
>> >> On 09/06/2009 16:20, Steve Freegard wrote:
>> >>>
>> >>> Devon Harding wrote:
>> >>>
>> >>>>
>> >>>> Ok, here's my dilemma.  My ISP has blocked port 25 on my connection,
>> >>>> so I'm forced to have my DNS provider (EasyDNS) redirect all my email
>> >>>> to port 2525.  This works fine, the only problem now is I'm seeing an
>> >>>> influx of SPAM which I believe is because MailScanner is seeing
>> >>>> EasyDNS as a safe sender & not processing any rules based on IP
>> >>>> Address.  How do I get MailScanner to disregard the IP address from
>> >>>> EasyDNS and process the next hop?  I guess something like
>> >>>> X-Forwarded-For for SMTP.
>> >>>>
>> >>>
>> >>> From the changelog of the latest 4.77 release:
>> >>>
>> >>> "Read IP Address From Received Header" has been extended, so it will
>> >>> now take a number instead of yes or no. "yes"=1 and "no"=0. If it is
>> >>> set to "yes" or a number, then the SMTP client IP address is taken
>> >>> from the "Received:" header. For example, setting it to 2 will cause
>> >>> the IP address to be taken from the 2nd Received: header.
>> >>>
>> >>>
>> >>
>> >> You took the words right out of my mouth! :-)
>> >> I knew someone would find this useful before too long...
>> >>
>> >> Jules
>> >>
>> >
>> > The setting works, but how do I get it to work with RCVD_IN_DNSWL_LOW
>> > which still gives my messages a -1 score.
>> > -Devon
>> >
>> You configure your trusted_networks/internal_networks correctly (for
>> SA... Likely in local.cf or mailscanner.cf)... SA will normally
>> "autodetect" what this should be, but since you want to trust the
>> "last hop", you need to specify that/those IP addresses (and all "local"
>> trusted networks/addresses) explicitly. Scott gave you a link, but
>> ISTR there should be a better one .... This is to the specific
>> section:
>> http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#network_test_options
>> ... and this is to the wiki page:
>> http://wiki.apache.org/spamassassin/TrustPath and another good one:
>> http://wiki.apache.org/spamassassin/TrustedRelays
>>
>> Cheers
>> --
>> -- Glenn
>> email: glenn < dot > steen < at > gmail < dot > com
>> work: glenn < dot > steen < at > ap1 < dot > se
>> --
>
> But if I trust my 'last hop', in my case EasyDNS, wouldn't it mark ALL
> messages from them (Including the SPAM) as clean?
Only if there were no other Received: lines. Go look at all the links,
they explain what this does far more eloquently than lil' ol' me
can.... or will....:-)
Anyway, the point of ignoring the "most recent" Received: line (in
MailScanner) pretty much fills the same purpose, AFAICS, as including
that relay host(s) IP in your trusted_networks... It'd affect SA rules
on IPs, so ... not exactly be an "allow everything" thing;-)

> Here's an example of the mail hops from a SPAM and how MailScanner now sees
> it.  (taken from Mailwatch. domain.com is used for my domain)
> Received from:
> 38.99.42.36
> Received Via:
> IP Address Hostname
> 64.68.200.52 smtp.easydns.com
> 38.99.42.36 smtp.podomatic.com
> 127.0.0.1 mars.domain.com
> 38.99.42.42 luke.dc.podomatic.com
Yes, and including the easydns address (64.68.200.52) in your trusted
IPs would mean that the first IP address SA wouldn't trust is the same
as for MS. So what is the problem? As said, there are some very nice
examples of what happens on the rather short and lucid links I gave
you. Read them!

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
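
Added example, not part of the original thread and not MailScanner or SpamAssassin code: a simplified Python model of the point discussed above, showing that trusting the EasyDNS relay moves the IP-based checks to the next hop instead of whitelisting the message. The helper names, the "by" hosts and the dates in the sample headers are assumptions made for the illustration; the relay IPs are the ones quoted from MailWatch.

```python
import ipaddress
import re
from email import message_from_string

# Constructed message. The relay IPs and "from" hostnames are the ones listed
# in the thread; the "by" hosts, dates and body are made up for the example.
RAW = """\
Received: from smtp.easydns.com (smtp.easydns.com [64.68.200.52])
\tby mail.domain.com with ESMTP; Wed, 10 Jun 2009 12:00:03 -0400
Received: from smtp.podomatic.com (smtp.podomatic.com [38.99.42.36])
\tby smtp.easydns.com with ESMTP; Wed, 10 Jun 2009 12:00:02 -0400
Received: from mars.domain.com (localhost [127.0.0.1])
\tby smtp.podomatic.com with ESMTP; Wed, 10 Jun 2009 12:00:01 -0400
Received: from luke.dc.podomatic.com (luke.dc.podomatic.com [38.99.42.42])
\tby mars.domain.com with ESMTP; Wed, 10 Jun 2009 12:00:00 -0400
Subject: constructed sample

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw):
    """Client IPs from the Received: headers, most recent hop first."""
    msg = message_from_string(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        m = IP_IN_BRACKETS.search(hdr)
        if m:
            ips.append(ipaddress.ip_address(m.group(1)))
    return ips

def nth_received(raw, n):
    """Model of 'Read IP Address From Received Header = n' (1-based)."""
    ips = relay_ips(raw)
    return str(ips[n - 1]) if 0 < n <= len(ips) else None

def first_untrusted(raw, trusted_networks):
    """Walk hops newest-first; return the first relay outside trusted_networks.
    That is the address IP-based rules would be evaluated against."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for ip in relay_ips(raw):
        if not any(ip in net for net in nets):
            return str(ip)
    return None  # every hop trusted: nothing left for IP-based rules to test

if __name__ == "__main__":
    print("MailScanner, header 2:", nth_received(RAW, 2))
    print("SA, relay not trusted:", first_untrusted(RAW, ["127.0.0.0/8"]))
    print("SA, relay trusted:    ", first_untrusted(RAW, ["127.0.0.0/8", "64.68.200.52"]))
```

With the relay listed as trusted, both views land on 38.99.42.36, the same address MailWatch shows under "Received from".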

