
Re: [sa-list] Re: RCVD_IN_DNSWL_LOW

From: Dan Mahoney, System Admin <danm(at)prime.gushi.org>
Date: Wed Oct 17 2007 - 15:58:24 EDT


On Wed, 17 Oct 2007, Alex Woick wrote:

> Matthias Leisi schrieb am 17.10.2007 09:46:
>
>> Correct. But by setting (in your local.cf or equivalent)
>>
>> | trusted_networks 204.9.177.18
>>
>> you are telling SpamAssassin that this relay is not operated by a
>> spammer and that it should apply all black-/whitelist rules etc. to the
>> IP address one more hop away. Then, in the context of SpamAssassin, you
>> regain full control of connection-oriented rules.
>>
>> That's not fully equivalent to having the actual "spamming connection"
>> to deal with, but as close as it gets -- if you need it "closer", you
>> should not use forwarding services.
>
> Good point. I think I start to understand what trusted_network is for and how
> it works. Currently, I have a provider whose MX receives mail for me and
> forwards it to my local mail server. Spam detection improved much when I
> added its IP address to trusted_networks some time ago.
>
> Now, I occasionally get spam to my users.sourceforge.net account, just like Dan
> Mahoney is getting spam to his Livejournal account. Sourceforge is also
> listed with LOW at dnswl and acts as a forwarder to my own mail server.
>
> Since I never get spam from users.sourceforge.net accounts directly but only
> spam sent to my users.sourceforge.net account from random addresses, I
> suppose the Sourceforge mail server is trusted in that way that spam doesn't
> originate from it, and that's the purpose of trusted_network. Just like my
> Provider forwarding mail to me sent from random originators, but never
> produces spam itself.

Sure, but that means each person who is a member of one of these services has to:

  • Look up their forwarded email address
  • Look up the SPF record for that domain -or-
  • Take a best guess as to the fact that the receiving MX will also be the sending.

THEN

  • Translate that into trusted networks statements, which are GLOBALLY trusted (either per server or per user, but NOT per envelope-recipient) -- which is fine for Livejournal or Sourceforge, I guess, I'd imagine their MXes are pretty dedicated, but I'm sure there's smaller cases.

But it might help to have some series of dynamic rules... whereby an address is DNSWL'd with a special code that lists it as a known relay for certain domains, and the trusted_networks logic extends automatically (if the relaying domain matches).

Apologies if I've repeated anything already said.

-Dan

--

"there is no loyalty in the business, so we stay away from things that piss people off"

-The Boss, November 12, 2002

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
Received on Wed Oct 17 16:02:38 2007

This archive was generated by hypermail 2.1.8 : Sat Jul 05 2008 - 19:11:27 EDT
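
The effect of `trusted_networks` described in the thread, as an added example that is not part of the original messages and is not SpamAssassin's own code: a simplified walk over Received headers that finds the relay connection-oriented rules would be applied to. The function names, the sample headers and the address 198.51.100.23 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample headers, newest first (the order they appear in a message).
# 204.9.177.18 is the forwarder named in the thread; the other addresses are
# made-up stand-ins for the hosts further back along the delivery path.
RECEIVED = [
    "from forwarder.example (forwarder.example [204.9.177.18]) by mx.local.example with ESMTP",
    "from unknown (HELO pc.example) ([198.51.100.23]) by forwarder.example with SMTP",
    "from [10.0.0.5] by pc.example with HTTP",
]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def client_ip(received_line):
    """Return the connecting client's IP recorded before ' by ', or None."""
    from_part = received_line.split(" by ", 1)[0]
    match = IP_IN_BRACKETS.search(from_part)
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None  # bracketed text was not a valid IPv4 address


def first_untrusted_relay(received_lines, trusted_networks):
    """Walk the headers newest-first and return the first client IP that is
    not covered by trusted_networks. Headers below that point were written
    by hosts we do not trust, so the walk stops there."""
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_networks]
    for line in received_lines:
        ip = client_ip(line)
        if ip is None:
            return None  # unparseable header: the trust chain ends here
        if not any(ip in net for net in nets):
            return ip
    return None  # every recorded relay was trusted


if __name__ == "__main__":
    # Without the setting, list lookups land on the forwarder itself.
    print(first_untrusted_relay(RECEIVED, []))
    # With the forwarder trusted, they move one hop further away.
    print(first_untrusted_relay(RECEIVED, ["204.9.177.18"]))
```

The trusted list here applies to every message the function sees, which is the global scope Dan points out: it cannot be limited to mail addressed to one forwarded recipient.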
