Mailscanner & redirected mail

Devon Harding devonharding at gmail.com
Thu Jun 11 13:08:06 IST 2009


On Wed, Jun 10, 2009 at 3:11 PM, Glenn Steen <glenn.steen at gmail.com> wrote:

> 2009/6/10 Devon Harding <devonharding at gmail.com>:
> >
> >
> > On Wed, Jun 10, 2009 at 8:36 AM, Glenn Steen <glenn.steen at gmail.com> wrote:
> >>
> >> 2009/6/10 Devon Harding <devonharding at gmail.com>:
> >> >
> >> >
> >> > On Wed, Jun 10, 2009 at 3:34 AM, Julian Field <MailScanner at ecs.soton.ac.uk> wrote:
> >> >>
> >> >>
> >> >> On 09/06/2009 16:20, Steve Freegard wrote:
> >> >>>
> >> >>> Devon Harding wrote:
> >> >>>
> >> >>>>
> >> >>>> Ok, here's my dilemma.  My ISP has blocked port 25 on my connection,
> >> >>>> so I'm forced to have my DNS provider (EasyDNS) redirect all my email
> >> >>>> to port 2525.  This works fine, the only problem now is I'm seeing an
> >> >>>> influx of SPAM which I believe is because MailScanner is seeing
> >> >>>> EasyDNS as a safe sender & not processing any rules based on IP
> >> >>>> Address.  How do I get MailScanner to disregard the IP address from
> >> >>>> EasyDNS and process the next hop?  I guess something like
> >> >>>> X-Forwarded-For for SMTP.
> >> >>>>
> >> >>>
> >> >>> From the changelog of the latest 4.77 release:
> >> >>>
> >> >>> "Read IP Address From Received Header" has been extended, so it will
> >> >>> now take a number instead of yes or no. "yes"=1 and "no"=0. If it is
> >> >>> set to "yes" or a number, then the SMTP client IP address is taken
> >> >>> from the "Received:" header. For example, setting it to 2 will cause
> >> >>> the IP address to be taken from the 2nd Received: header.
> >> >>>
> >> >>>
> >> >>
> >> >> You took the words right out of my mouth! :-)
> >> >> I knew someone would find this useful before too long...
> >> >>
> >> >> Jules
> >> >>
> >> >
> >> > The setting works, but how do I get it to work with RCVD_IN_DNSWL_LOW,
> >> > which still gives my messages a -1 score?
> >> > -Devon
> >> >
> >> You configure your trusted_networks/internal_networks correctly (for
> >> SA... Likely in local.cf or mailscanner.cf)... SA will normally
> >> "autodetect" what this should be, but since you want to trust the
> >> "last hop", you need to specify that/those IP addresses (and all "local"
> >> trusted networks/addresses) explicitly. Scott gave you a link, but
> >> ISTR there should be a better one .... This is to the specific
> >> section:
> >> http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#network_test_options
> >> ... and this is to the wiki page:
> >> http://wiki.apache.org/spamassassin/TrustPath and another good one:
> >> http://wiki.apache.org/spamassassin/TrustedRelays
> >>
> >> Cheers
> >> --
> >> -- Glenn
> >> email: glenn < dot > steen < at > gmail < dot > com
> >> work: glenn < dot > steen < at > ap1 < dot > se
> >> --
> >
> > But if I trust my 'last hop', in my case EasyDNS, wouldn't it mark ALL
> > messages from them (Including the SPAM) as clean?
> Only if there were no other Received: lines. Go look at all the links,
> they explain what this does far more eloquently than lil' ol' me
> can.... or will....:-)
> Anyway, the point of ignoring the "most recent" Received: line (in
> MailScanner) pretty much fills the same purpose, AFAICS, as including
> that relay host(s) IP in your trusted_networks... It'd affect SA rules
> on IPs, so ... not exactly be an "allow everything" thing;-)
>
> > Here's an example of the mail hops from a SPAM and how MailScanner now
> > sees it.  (taken from Mailwatch. domain.com is used for my domain)
> > Received from:
> > 38.99.42.36
> > Received Via:
> > IP Address      Hostname
> > 64.68.200.52    smtp.easydns.com
> > 38.99.42.36     smtp.podomatic.com
> > 127.0.0.1       mars.domain.com
> > 38.99.42.42     luke.dc.podomatic.com
> Yes, and including the easydns address (64.68.200.52) in your trusted
> IPs would mean that the first IP address SA wouldn't trust is the same
> as for MS. So what is the problem? As said, there are some very nice
> examples of what happens on the rather short and lucid links I gave
> you. Read them!
>
> Cheers
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --
>

Perfect explanation!  It works
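
Added example (not part of the original thread, and not MailScanner or SpamAssassin code): a simplified Python model of the point made in the quoted reply, that taking the client IP from the 2nd Received: header and listing the EasyDNS relay in trusted_networks both arrive at the same first untrusted address. The headers are constructed from the hop list quoted in the thread; the "by" hosts, `mx.example.test` and all function names are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: Received: headers rebuilt from the hop list quoted in
# the thread (newest hop first). The "by" hosts and dates are placeholders.
RAW = """\
Received: from smtp.easydns.com (smtp.easydns.com [64.68.200.52])
\tby mx.example.test; Wed, 10 Jun 2009 12:00:03 -0400
Received: from smtp.podomatic.com (smtp.podomatic.com [38.99.42.36])
\tby smtp.easydns.com; Wed, 10 Jun 2009 12:00:02 -0400
Received: from mars.domain.com (localhost [127.0.0.1])
\tby smtp.podomatic.com; Wed, 10 Jun 2009 12:00:01 -0400
Received: from luke.dc.podomatic.com (luke.dc.podomatic.com [38.99.42.42])
\tby mars.domain.com; Wed, 10 Jun 2009 12:00:00 -0400
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw):
    """Client IP recorded in each Received: header, newest first (None if absent)."""
    ips = []
    for hdr in message_from_string(raw).get_all("Received", []):
        m = IP_RE.search(hdr)
        ips.append(ipaddress.ip_address(m.group(1)) if m else None)
    return ips

def nth_received_ip(raw, n):
    """Model of 'Read IP Address From Received Header = n' (1-based count)."""
    ips = relay_ips(raw)
    return ips[n - 1] if 0 < n <= len(ips) else None

def first_untrusted_ip(raw, trusted):
    """Walk hops newest-first and return the first relay outside `trusted`."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    for ip in relay_ips(raw):
        # Hops with no bracketed IP are skipped in this simplified model.
        if ip is not None and not any(ip in net for net in nets):
            return ip
    return None  # every recorded hop was trusted
```

With only loopback trusted, the first untrusted relay is the EasyDNS forwarder itself, which is why IP-based rules were being evaluated against it rather than against the real sender.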