Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: spamassassin.apache.org > users > 07 > 083093.html (Request Expert spamassassin.apache.org Support)

Re: Email forwarding and RBL trouble

From: Rense Buijen <rense.buijen(at)chess.nl>
Date: Wed Aug 22 2007 - 09:27:41 EDT


Mathhias,

The problem is that when the mail enters the backup MX, we dont know if that mail is blacklisted at for instance spamcop. So if the backup mx accepts the mail (because it's dumb and it will accept it), and my primary mx (SA) has set the backup mx as trusted network/source, the mail will be delivered while it should not have been. You see the problem? SA cannot see if the mail that has been forwarded by my backup MX is valid (black/whitelisted) or not because it cannot check the IP against the RBL, it will lookup the wrong IP. And it should do this because there is NO rbl checking on the backup MX itself...

Matthias Leisi wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
 > Hash: SHA1
>
>
>
> Rense Buijen schrieb:
>
>
>> Thank you for your (quick) reply.
>> I cannot utilize the trusted_networks settings because I cannot trust
>> the mail that my backup MX sends to me.
>>
>
> But your backup MX is "trusted" in the sense that it will not forge
> sender addresses, Received: lines etc. -- that's what trusted_networks
> basically implies.
>
> If trusted_networks etc are set correctly, SA will recognize your backup
> MX, and will not apply any RBL checks to it's IP address. The
> Mail::SpamAssassin::Conf man-page has all the dirty details, including
> those of internal_networks
>
>
>> The backup MX does NO filtering at all, it just accepts ALL mail that
>> has a certain destination domain and then forwards it to the Primary MX
>> where SA is running, SA is doing all the filtering and
>> white/black/grey-listing.
>>
>
> You should ensure that connections from your backup MX are not
> grey/blacklisted at the MTA level (don't know whether you're already
> doing it, but just to mention it...).
>
> - -- Matthias
> -----BEGIN PGP SIGNATURE-----
 > Version: GnuPG v1.4.2 (GNU/Linux)
>
> iD8DBQFGzDfTxbHw2nyi/okRAq7jAKCbKv8IknFw2Nmse3l3LTszN7OyYgCfY28l
> XAA+s+kES1B4mbmcvK2VE24=
> =95OW
> -----END PGP SIGNATURE-----
 >
> 

-- 
Met vriendelijke groeten,

Rense Buijen
Chess Service Management
Tel.: 023-5149250
Email: Servicedesk@chess.nl
Received on Wed Aug 22 09:28:18 2007

This archive was generated by hypermail 2.1.8 : Thu Oct 25 2007 - 00:21:15 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library