Re: [Exim] localhost as SMTP server again: Dynamic IP adress…

Author: James P. Roberts
Date:  
To: Toralf Lund, Exim Mailing List
Subject: Re: [Exim] localhost as SMTP server again: Dynamic IP adresses being blocked
----- Original Message -----
From: "Toralf Lund" <toralf@???>
To: "Exim Mailing List" <exim-users@???>
> <snip>
> I always thought that RBL checks would typically
> also consult addresses in headers in some way,
> though, but perhaps I was wrong?
>


Normally, only the IP of the connecting host is checked against an RBL. (It is
possible to have Exim send the connecting hostname, to those RBLs which
require it, instead of IP. See the docs).

Some of us are using a method to check IP addresses in "Received:" headers,
for certain special conditions, and doing RBL checks on them.

The "special condition" is the case of known forwarding services (many
colleges and universities provide such "email forwarding for life" services),
which fail to do any spam filtering, RBL checking, or anything of the sort.
One cannot reject based on the connecting host in such a case, since the
forwarder is providing a "desired service."

The main point is, one only performs this RBL checking, of an IP from a
"Received:" header, when the connecting host is one of these known forwarders.

Caveat: To do this, one must wait until *after* DATA (i.e. in the DATA ACL),
to detect the IP to be checked, because the headers are not available before
DATA. Unless you *really* want to upset the "known forwarders", one should
*not* bounce a message after DATA, since the return address of such junk is
almost always spoofed or non-existent (i.e. - you would generate "collateral
spam"). In my case, I simply add a warning header, and in the routers I
divert the junk to a special spam-catcher account, if the header is present.
At least it's not in my inbox anymore; plus, I still have the originals, in
case of an (unlikely, but possible) false positive.

A couple of us are working on a "general" solution to this particular "known
forwarder" problem. At the moment, we've got a couple of customized
solutions, for only a single forwarding service, each. We plan to publish our
method to the list when it's complete (or just the customized solutions, if we
can't come up with a satisfactory "general" solution.) The hiccup right now
is trying to build a reusable, general-purpose regex, to extract the correct
IP, depending on which (of an arbitrary number of) known forwarding hosts (or
domains) is connecting.

One of us currently matches any host from some specific domain; the other is
using a list of specific hostnames (FQDNs). It would be nice to have a
solution amenable to either/both approach. We're working on it! :)

Regards,
Jim Roberts
Punster Productions, Inc.
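
The check described in the message above, sketched in Python as an added example; it is not code from the original post or from its authors, and it shows the logic outside Exim. The forwarder names, the sample "Received:" headers and the DNSBL zone `dnsbl.example.net` are constructed assumptions, and the list accepts either exact FQDNs or a leading-dot domain.

```python
import ipaddress
import re

# Assumed list (constructed): an exact FQDN, or ".domain" for any host in that domain.
KNOWN_FORWARDERS = ["alumni-fwd.example.edu", ".forwarding.example.org"]
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample, newest header first, as the headers appear in a message.
SAMPLE_RECEIVED = [
    "from out.forwarding.example.org ([198.51.100.7]) by mx.example.com with esmtp",
    "from in.forwarding.example.org (in.forwarding.example.org [10.1.2.3])"
    " by out.forwarding.example.org with ESMTP",
    "from dsl-host.example.net (dsl-host.example.net [203.0.113.45])"
    " by in.forwarding.example.org with SMTP",
    "from bank.example ([192.0.2.99]) by relay.bank.example with SMTP",  # untrusted
]

def is_known_forwarder(host):
    host = host.lower().rstrip(".")
    return any(host.endswith(e) or host == e[1:] if e.startswith(".") else host == e
               for e in KNOWN_FORWARDERS)

def upstream_ip(connecting_host, received_headers):
    """IP the forwarder accepted the message from, or None if not applicable."""
    if not is_known_forwarder(connecting_host):
        return None  # ordinary sender: only the connecting IP is checked
    seen_forwarder = False
    for header in received_headers:
        by = BY_HOST.search(header)
        if not by or not is_known_forwarder(by.group(1)):
            if seen_forwarder:
                break  # past the forwarder's own headers: the rest can be forged
            continue   # header stamped by the receiving server itself
        seen_forwarder = True
        m = BRACKET_IP.search(header[:by.start()])  # only the "from" clause
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None  # malformed literal such as [999.1.1.1]
        if ip and not any(ip in net for net in INTERNAL):
            return str(ip)  # first external hop into the forwarder
    return None

def dnsbl_query_name(ip, zone="dnsbl.example.net"):
    """Name to look up in the list: reversed octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone
```
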