Posted to users@spamassassin.apache.org by Rob Mangiafico <rm...@lexiconn.com> on 2007/01/09 03:21:11 UTC

question about -lastexternal and trusted_networks / dialup IP

It's probably because I need sleep, but I'm confused on this scenario:

User emails from his/her dialup IP directly to trusted_networks server 1
(which is allowed by access not SMTPAUTH), which then goes to my server.
It seems this email gets flagged as DUL, PBL, etc...

user1 -> trusted_networks server 1 -> final destination

Is there any way to not have this happen (get flagged) besides SMTPAUTH
checks? Remove server 1 from trusted_networks? ...

Thanks.

Rob


Re: question about -lastexternal and trusted_networks / dialup IP

Posted by Rob Mangiafico <rm...@lexiconn.com>.
On Mon, 8 Jan 2007, Daryl C. W. O'Shea wrote:
> Rob Mangiafico wrote:
> > On Mon, 8 Jan 2007, Daryl C. W. O'Shea wrote:
> >>> User emails from his/her dialup IP directly to trusted_networks server 1
> >>> (which is allowed by access not SMTPAUTH), which then goes to my server.
> >>> It seems this email gets flagged as DUL, PBL, etc...
> >>>
> >>> user1 -> trusted_networks server 1 -> final destination
> >>>
> >>> Is there any way to not have this happen (get flagged) besides SMTPAUTH
> >>> checks? Remove server 1 from trusted_networks? ...
> >> Is "server 1" acting only as an MSA, or is it also acting as an MX, or 
> >> intermediate relay?
> > 
> > server 1 is an MSA/MTA. Each server is an independent sendmail server both 
> > receiving and sending email.
> 
> OK, as long as they're not acting as an MX or passing mail from your MX 
> to the machine running SA, which sounds like is the case, you'll want to 
> make sure that the server (that is acting as an MSA) is not in your 
> internal_networks.
> 
> So either (i) have trusted_networks include all your servers and 
> internal_networks include all your servers except the MSA, or (ii) just 
> define your trusted_networks to include all your servers except the MSA 
> (and take a really small hit on some extra DNS lookups that are going to 
> end up cached by your DNS server) and don't bother setting 
> internal_networks.

Thanks! I was getting wrapped around the axle on trusted_networks, and had 
it set for all our servers that are also MSA/MTAs. I removed them all 
from trusted_networks, and no more dynamic IP false hits. :)

Rob


Re: question about -lastexternal and trusted_networks / dialup IP

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Rob Mangiafico wrote:
> On Mon, 8 Jan 2007, Daryl C. W. O'Shea wrote:
>>> User emails from his/her dialup IP directly to trusted_networks server 1
>>> (which is allowed by access not SMTPAUTH), which then goes to my server.
>>> It seems this email gets flagged as DUL, PBL, etc...
>>>
>>> user1 -> trusted_networks server 1 -> final destination
>>>
>>> Is there any way to not have this happen (get flagged) besides SMTPAUTH
>>> checks? Remove server 1 from trusted_networks? ...
>> Is "server 1" acting only as an MSA, or is it also acting as an MX, or 
>> intermediate relay?
> 
> server 1 is an MSA/MTA. Each server is an independent sendmail server both 
> receiving and sending email.

OK, as long as they're not acting as an MX or passing mail from your MX 
to the machine running SA, which sounds like is the case, you'll want to 
make sure that the server (that is acting as an MSA) is not in your 
internal_networks.

So either (i) have trusted_networks include all your servers and 
internal_networks include all your servers except the MSA, or (ii) just 
define your trusted_networks to include all your servers except the MSA 
(and take a really small hit on some extra DNS lookups that are going to 
end up cached by your DNS server) and don't bother setting 
internal_networks.


Daryl
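
The two options in the reply above, worked through as an added example that is not part of the original post and is not SpamAssassin's own code: a simplified model of which relay a -lastexternal DNSBL rule ends up looking up. The function name and the addresses (documentation ranges) are constructed, and the model ignores SMTP AUTH and private-address handling.

```python
from ipaddress import ip_address, ip_network

def last_external(relays, trusted, internal=None):
    """Simplified model of the relay a -lastexternal DNSBL rule looks up.

    relays: connecting IPs taken from the Received headers, newest first.
    trusted / internal: the trusted_networks / internal_networks entries.
    Returns the first relay outside the internal boundary, or None.
    """
    trusted_nets = [ip_network(n) for n in trusted]
    # When internal_networks is not set, trusted_networks is used for it.
    internal_nets = (trusted_nets if internal is None
                     else [ip_network(n) for n in internal])
    in_trusted = in_internal = True
    for ip in relays:
        addr = ip_address(ip)
        # Trust extends hop by hop: once one relay falls outside a list,
        # every relay behind it is outside that boundary too.
        in_trusted = in_trusted and any(addr in n for n in trusted_nets)
        in_internal = (in_internal and in_trusted
                       and any(addr in n for n in internal_nets))
        if not in_internal:
            return ip
    return None

# Constructed addresses for the thread's path:
#   user1 (dialup) -> server 1 (MSA) -> final destination (runs SA)
MSA = "192.0.2.25"       # "server 1"
OTHER = "192.0.2.10"     # another of the site's servers, not an MSA
DIALUP = "203.0.113.77"  # user1's dynamic IP
RELAYS = [MSA, DIALUP]   # newest Received header first

def scenarios():
    return {
        # Original setup: MSA in trusted_networks, internal_networks unset.
        "msa_trusted_internal_unset": last_external(RELAYS, [MSA, OTHER]),
        # Option (i): MSA trusted, but left out of internal_networks.
        "option_i": last_external(RELAYS, [MSA, OTHER], internal=[OTHER]),
        # Option (ii): MSA left out of trusted_networks, internal unset.
        "option_ii": last_external(RELAYS, [OTHER]),
    }

if __name__ == "__main__":
    for name, ip in scenarios().items():
        print(f"{name:28} -lastexternal queries {ip}")
```

In the original setup the lookup lands on the dialup address, which is what DUL/PBL lists contain; under either option it lands on the MSA's own address instead.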

Re: question about -lastexternal and trusted_networks / dialup IP

Posted by Rob Mangiafico <rm...@lexiconn.com>.
On Mon, 8 Jan 2007, Daryl C. W. O'Shea wrote:
> > User emails from his/her dialup IP directly to trusted_networks server 1
> > (which is allowed by access not SMTPAUTH), which then goes to my server.
> > It seems this email gets flagged as DUL, PBL, etc...
> > 
> > user1 -> trusted_networks server 1 -> final destination
> > 
> > Is there any way to not have this happen (get flagged) besides SMTPAUTH
> > checks? Remove server 1 from trusted_networks? ...
> 
> Is "server 1" acting only as an MSA, or is it also acting as an MX, or 
> intermediate relay?

server 1 is an MSA/MTA. Each server is an independent sendmail server both 
receiving and sending email.

Rob



Re: question about -lastexternal and trusted_networks / dialup IP

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Rob Mangiafico wrote:
> It's probably because I need sleep, but I'm confused on this scenario:
> 
> User emails from his/her dialup IP directly to trusted_networks server 1
> (which is allowed by access not SMTPAUTH), which then goes to my server.
> It seems this email gets flagged as DUL, PBL, etc...
> 
> user1 -> trusted_networks server 1 -> final destination
> 
> Is there any way to not have this happen (get flagged) besides SMTPAUTH
> checks? Remove server 1 from trusted_networks? ...

Is "server 1" acting only as an MSA, or is it also acting as an MX, or 
intermediate relay?

Daryl