You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Rob Mangiafico <rm...@lexiconn.com> on 2007/01/09 03:21:11 UTC
question about -lastexternal and trusted_networks / dialup IP
It's probably because I need sleep, but I'm confused on this scenario:
User emails from his/her dialup IP directly to trusted_networks server 1
(which is allowed by access not SMTPAUTH), which then goes to my server.
It seems this email gets flagged as DUL, PBL, etc...
user1 -> trusted_networks server 1 -> final destination
Is there any way to not have this happen (get flagged) besides SMTPAUTH
checks? Remove server 1 from trusted_networks? ...
Thanks.
Rob
Re: question about -lastexternal and trusted_networks / dialup IP
Posted by Rob Mangiafico <rm...@lexiconn.com>.
On Mon, 8 Jan 2007, Daryl C. W. O'Shea wrote:
> Rob Mangiafico wrote:
> > On Mon, 8 Jan 2007, Daryl C. W. O'Shea wrote:
> >>> User emails from his/her dialup IP directly to trusted_networks server 1
> >>> (which is allowed by access not SMTPAUTH), which then goes to my server.
> >>> It seems this email gets flagged as DUL, PBL, etc...
> >>>
> >>> user1 -> trusted_networks server 1 -> final destination
> >>>
> >>> Is there any way to not have this happen (get flagged) besides SMTPAUTH
> >>> checks? Remove server 1 from trusted_networks? ...
> >> Is "server 1" acting only as an MSA, or is it also acting as an MX, or
> >> intermediate relay?
> >
> > server 1 is an MSA/MTA. Each server is an independent sendmail server both
> > receiving and sending email.
>
> OK, as long as they're not acting as an MX or passing mail from your MX
> to the machine running SA, which sounds like is the case, you'll want to
> make sure that the server (that is acting as an MSA) is not in your
> internal_networks.
>
> So either (i) have trusted_networks include all your servers and
> internal_networks include all your servers except the MSA, or (ii) just
> define your trusted_networks to include all your servers except the MSA
> (and take a really small hit on some extra DNS lookups that are going to
> end up cached by your DNS server) and don't bother setting
> internal_networks.
Thanks! I was getting wrapped around the axle on trusted_networks, and had
it set for all our servers that are also MSA/MTA's. I removed them all
from trusted_networks, and no more dynamic IP false hits. :)
Rob
Re: question about -lastexternal and trusted_networks / dialup IP
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Rob Mangiafico wrote:
> On Mon, 8 Jan 2007, Daryl C. W. O'Shea wrote:
>>> User emails from his/her dialup IP directly to trusted_networks server 1
>>> (which is allowed by access not SMTPAUTH), which then goes to my server.
>>> It seems this email gets flagged as DUL, PBL, etc...
>>>
>>> user1 -> trusted_networks server 1 -> final destination
>>>
>>> Is there any way to not have this happen (get flagged) besides SMTPAUTH
>>> checks? Remove server 1 from trusted_networks? ...
>> Is "server 1" acting only as an MSA, or is it also acting as an MX, or
>> intermediate relay?
>
> server 1 is an MSA/MTA. Each server is an independent sendmail server both
> receiving and sending email.
OK, as long as they're not acting as an MX or passing mail from your MX
to the machine running SA, which sounds like is the case, you'll want to
make sure that the server (that is acting as an MSA) is not in your
internal_networks.
So either (i) have trusted_networks include all your servers and
internal_networks include all your servers except the MSA, or (ii) just
define your trusted_networks to include all your servers except the MSA
(and take a really small hit on some extra DNS lookups that are going to
end up cached by your DNS server) and don't bother setting
internal_networks.
Daryl
Re: question about -lastexternal and trusted_networks / dialup IP
Posted by Rob Mangiafico <rm...@lexiconn.com>.
On Mon, 8 Jan 2007, Daryl C. W. O'Shea wrote:
> > User emails from his/her dialup IP directly to trusted_networks server 1
> > (which is allowed by access not SMTPAUTH), which then goes to my server.
> > It seems this email gets flagged as DUL, PBL, etc...
> >
> > user1 -> trusted_networks server 1 -> final destination
> >
> > Is there any way to not have this happen (get flagged) besides SMTPAUTH
> > checks? Remove server 1 from trusted_networks? ...
>
> Is "server 1" acting only as an MSA, or is it also acting as an MX, or
> intermediate relay?
server 1 is an MSA/MTA. Each server is an independent sendmail server both
receiving and sending email.
Rob
Re: question about -lastexternal and trusted_networks / dialup IP
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Rob Mangiafico wrote:
> It's probably because I need sleep, but I'm confused on this scenario:
>
> User emails from his/her dialup IP directly to trusted_networks server 1
> (which is allowed by access not SMTPAUTH), which then goes to my server.
> It seems this email gets flagged as DUL, PBL, etc...
>
> user1 -> trusted_networks server 1 -> final destination
>
> Is there any way to not have this happen (get flagged) besides SMTPAUTH
> checks? Remove server 1 from trusted_networks? ...
Is "server 1" acting only as an MSA, or is it also acting as an MX, or
intermediate relay?
Daryl