Re: smtp-policy confusion
> I thought that I understood how to configure the smtp policy filter
> but I was wrong. After getting the SPAM filter working, I found that I
> was rejecting legitimate mail.
I may have a few observations in that regard to share with
TEST-DNS-RBL mode active at one host I use to test new things.
(Another email coming..)
> I thought that adding a line like:
> [128.167.0.0]/16 = _full_rights
> where 128.167.0.0 is our class B net would allow mail to or from our
> network to get through without any trouble. I was wrong.
>
> I also tried:
> [128.167.0.0]/16 relaycustomer + relaytarget +
> but that didn't work.
You need "relaycustnet +", which is on
the "_full_rights" macro all right.
With p9 snapshots (5th now) there is a way to
check at connection source reversed name, and
thus define ".local.domain = _full_rights",
but as we all know, relying on DNS reversers
is just begging for trouble...
(there is no name-to-IP paranoid verification
for the reversed names in the code, thus...)
(And there are also other problems in this
regarding the boiler-plate data, and also
the policy-builder.sh script.)
> We are running zmailer 2.99.49p5a2. Is that the problem or am I
> missing something?
I am checking this against 2.99.49p4 and 2.99.49p9(snap5)
and both behave the same way (I think).
However the policytest() stuff has had constant evolution
in it all the time, and even occasional bugs. I can't
say with confidence what was the status at 2.99.49p5a2.
Do you, by chance, use the 'policy-builder.sh' script to
construct the policy dataset?
There all you need to do is to list all relay-customer
networks in the file: $MAILSHARE/db/smtp-policy.relay:
[128.167.0.0]/16
and then execute the builder script, and you have things
set up.
However if people with local addresses are submitting
to you email for outbound relaying, and their IP address
is not in your local network, you have a big problem
to solve:
Will you allow outbound messages on basis of
it having MAIL FROM:<...> address in your
$MAILSHARE/db/localnames file, or you listing
your domain as ".local.domain" in file
$MAILSHARE/db/smtp-policy.relay?
If you don't, the "_full_rights" macro needs to have
attribute "relaycustomer +" removed.
> David Trueman,
> Systems Manager, Dalhousie Faculty of Computer Science
> Technical Chair, Chebucto Community Net
/Matti Aarnio <mea@nic.funet.fi>
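
The "name-to-IP paranoid verification" that the reply says is missing for reversed names, shown as an added example (not part of the original message and not ZMailer code). The DNS tables are constructed sample data, the function names are hypothetical, and the suffix semantics for ".local.domain" are an assumption.

```python
import ipaddress

# Constructed DNS data standing in for a resolver (not real records).
PTR = {
    "128.167.10.5": "host5.local.domain",  # genuine customer host
    "203.0.113.9": "mail.local.domain",    # PTR chosen by the owner of 203.0.113.0/24
}
FORWARD = {
    "host5.local.domain": ["128.167.10.5"],
    "mail.local.domain": ["128.167.20.1"],  # the real host lives elsewhere
}
RELAY_NETS = [ipaddress.ip_network("128.167.0.0/16")]  # the net from the thread


def in_domain(name, suffix):
    """Assumed semantics: '.local.domain' matches any name under local.domain."""
    return name.rstrip(".").lower().endswith(suffix.lower())


def naive_match(ip, suffix):
    """Trust the PTR answer alone (no forward check)."""
    name = PTR.get(ip)
    return name is not None and in_domain(name, suffix)


def paranoid_match(ip, suffix):
    """Accept the reversed name only if it resolves forward to the same IP."""
    if not naive_match(ip, suffix):
        return False
    forward = {ipaddress.ip_address(a) for a in FORWARD.get(PTR[ip], [])}
    return ipaddress.ip_address(ip) in forward


def by_address(ip):
    """Address-based rule, equivalent in spirit to '[128.167.0.0]/16'."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RELAY_NETS)


if __name__ == "__main__":
    for ip in ("128.167.10.5", "203.0.113.9", "198.51.100.7"):
        print(ip, by_address(ip), naive_match(ip, ".local.domain"),
              paranoid_match(ip, ".local.domain"))
```

The second address passes the name-only rule because its PTR record is controlled by whoever owns that reverse zone; the forward lookup is what exposes the mismatch.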