[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Policies and RELAYCUSTOMER
On Thu, Jun 08, 2000 at 10:55:15AM -0300, Nicolas Baumgarten wrote:
> Thanks fo the fast answer...
> But,
> After a combination of events we finally get to RBL.
>
> One of our users, hiding behind a yahoo account sent a big spam,
> somebody do the right thing, submitted us to RBL an we are blocked:
> This is the RBL report
> <<< 220 relay2 ZMailer Server 2.99.51 #1 ESMTP+IDENT ready at Tue, 6 Jun
> 2000 12:33:42 +0300
> ....
> >>> MAIL FROM:<spamtest@[OUR.IP.ADDRESS]>
> <<< 250 Ok (verified) Ok
> >>> RCPT TO:<"user@kithrup.com"@[OUR.IP.ADDRESS]>
> <<< 250 2.1.5 Recipient address syntax Ok
> >>> DATA
> <<< 354 Start mail input; end with <CRLF>.<CRLF>
> >>> (message body)
> <<< 250 2.6.0 S33888AbQFFJeE message accepted
>
> /var/local/maps/rss/bin/rly: relay accepted - final response code 250
>
> Is this fixed in future versions?
> Any quick fix for this to get out from RBL?
As long as smtpserver runs without interactive router, there
is no guaranteed way of knowing, which recipient address is
valid local one, which is bogus. ZMailer receives anything
looking to be local, and then latter sends back a reject.
Adding letters 'f' and 't' to the '*'-tag at the end of the
usual smtpserver.conf file will get the router to process
incoming addresses interactively, and then report if particular
recipient really exists -- or not. (No, it isn't guaranteed
thing even then in all cases, unfortunately.)
It may be that the router, or its scripts mishandled that
local-part processing, and got it dequoted at wrong phase.
(If the message got sent out to <user@kithrup.com>, and
not a bounce to <spamtest@[OUR.IP.ADDRESS]>)
This is a false-positive which RBL test script reports, not
a real thing.
> And going back to the makerading thing..
> There is something i'm missing?
> If, as you (Matti) said have "kwazillion dialup lines" that mean
> that those IP addresses should have full_rights and anybody can send
> anything,
> maskerading behind any mail address?
> Thats what we have and i dont like to help bad users to do whath they are
> doing.
The problem is that to *know* what some address user is allowed
to claim at any given moment is not an easy thing.
Some mechanism alike whoson might help by logging dialup login
into itself, and then some additional databases could be queried
to know all addresses that that particular user is allowed to
use -- only then this type of blocking is sensible.
(Remember: Dialup lines use dynamic address pools, same user will
likely appear with different addresses every call, and same address
will be reused by different users..)
After recent "Doctor is on the net" SPAMs, I got enough steam
to complete my old content-policy hooks, those could be used
also to write this type of analyzer you are looking for.
> Thanks in advance.
--
/Matti Aarnio <mea@nic.funet.fi>