Suresh Ramasubramanian wrote:
> hserus.net is my personal domain. It is neither an open relay or proxy,
> and is colocated on a box frodo.hserus.net with a static IP that isn't
> anywhere on the outblaze.com network.
>
> Unfortunately I have a box on home dsl line with a dynamic IP, that is
> in an ISP infested with proxies and relays. Till now I used to relay my
> mail using a server on this IP, that then smarthosts through frodo.
>
> Some people - not just you - run spamassasin to check IPs in all headers
> in the email (not just the connecting IP) so pick up my home IP - which
> as I said is in a proxy infested netblock.
My problem is, that I'm forced to use a dialup connection (live in a
3,000 person village that doesn't have DSL line cleanliness). So I get
everything from my ISP with smtp store-and-forward mailkicks. I have to
use SA for all filtering - it's a godsend. I can't use helo checks or
header/body filtering either with native Exim or Postfix.
> OK - for your sake I decided to ssh tunnel all my mail through frodo so
> that you will not have to whitelist me. Check my headers, and pronounce
> yourself satisfied with the arrangement :)
Pre Suresh stunnel:
X-Spam-Status: No, hits=-81.3 tagged_above=-999.0 required=6.0 tests=AWL,
BAYES_00, EXIM_LIST, RCVD_IN_DNSBL, RCVD_IN_NJABL, RCVD_IN_NJABL_PROXY,
RCVD_IN_SORBS, RCVD_IN_SORBS_HTTP, RCVD_IN_SORBS_MISC
Each of the above RBLs earns from 2.7 to 4.0 points, in my configuration.
Post Suresh stunnel:
X-Spam-Status: No, hits=-96.8 tagged_above=-999.0 required=6.0 tests=AWL,
BAYES_00, CLICK_BELOW, EXIM_LIST
> However the point remains that this is a feature that can easily be
> turned off in spamassasin, without much trouble at all. Checking the
> connecting IP, plus all of spamassasin's spamware header body checks
> should nail all the spam without scanning all IPs in the Received:
> headers against DNSBLs.
Not for me. Unfortunately, the connecting IP is always that of
punt.mail.nl.demon.net or relay-2.mail.nl.demon.net. That's what DNS for
billy.demon.nl says.
> If he can use postfix body filtering regexps, he can use them in
> spamassasin, which gives him a great deal more flexiblity, and more
> importantly, allows him to whitelist - which postfix body filters don't
> let him do.
He has yet to find out that he is basically tête/tete du neuf, not
chateau neuf (nøff nøff/noeff noeff is Norwegian kiddyspeak for
kiddyspeak "porker").
>> What Chateauneuf is asking, is if Exim is any different in this respect.
>> He's probably thinking about Exim ACLs making exceptions before smtp
>> data time, in headers for example. This would probably involve using
>> multiple ACLs and multiple headers for each message, or doing 'if ...
>> then' multiple header comparisons. In as much as I use SA, I have no
>> experience of this.
>
> It would mean reinventing the wheel where you have the advantage of
> deploying spamassasin - but I do think we can exempt senders / hosts
> from the body check ACL altogether, without much trouble.
Postfix can do that as well. But however one looks at it, without 3rd
party software (SA-Exim, Postfix 2.0.14/amavisd-new + SA) the message
will by then have been accepted and in the best case bounced.
> cc'ing you just to see what happens when my mta connects directly to
> yours - will this hit your filters and need whitelisting, or not? :)
The problem is, that to connect directly to billy.demon.nl, you have to
make an appointment first and then correct directly - not using a DNS MX
record. Which is probably not what you want.
> ps - As for Outblaze, as I said, though I and my team do run a very
> tight ship and enforce a zero tolerance antispam policy, our domains are
> among the most heavily forged on the planet (only hotmail / yahoo are
> more forged than we are, I think). So, look at my post on HELO
> filtering in check_rcpt, a few days ago
Here I have obviously made one huge mistake. I slated Outblaze. Mea
culpa, mea culpa, mea maxima culpa. As my granny might have said. I'll
never do so again, I promise.
> 2. Reject all mail with HELO outblaze.com unless it comes from an IP
> with outblaze.com reverse DNS. To further help, such HELOs can only
> come from our IP blocks -
>
> 205.158.62.0/24
> 202.86.166.0/24
> 210.177.227.128/28
> 203.86.162.161/28
>
> 3. For bonus points, do this for HELO yahoo.com etc.
>
> That should cut down a ton of your inbound spam / virus load.
Not mine, as I said. But, I've saved it for sites that I administer.
Thanks, Suresh :)
Best,
Tony
--
Tony Earnshaw
Looking backwards is always easy with hindsight
http://www.billy.demon.nl
Mail: tonni@???
