Posted to users@spamassassin.apache.org by Pat Traynor <pa...@ssih.com> on 2014/03/28 20:23:10 UTC

Which IP is tested by the RBLs?

My PC is connected via a Verizon dynamically-allocated IP address, which
is on several RBLs.  If I send mail directly from my PC to my linux mail
server, spamassassin flags it.  This is generally not a big deal for me,
as I usually use a mail client on the server itself.

However, from time to time, I'll use a mail client on my PC just for
convenience.

What I want to know is this...  If I send an email from my PC to someplace
remote, it first gets accepted by my linux mail server and then moves on
from there.  If the destination machine is running spamassassin, does
it test the original IP address of my Verizon-connected PC, or does it
test the IP address of my linux server?

--pat--
-- 
Pat Traynor
pat@ssih.com

RE: Which IP is tested by the RBLs?

Posted by Email Lists07 <li...@abbacomm.net>.

-----Original Message----- From: Kris Deugau

snip

Unfortunately, the places you'll have trouble with are places with filter
appliances made by a fairly well-known company I'll leave nameless, whose
local admins and/or consultants have (mis)configured these devices to do
lookups on all the IPs.  These sites haven't yet discovered the inevitable
mess this causes by blocking mail relayed by a perfectly legitimate colo
machine but originating from, for example, an IP range listed on the
Spamhaus PBL.  Or the filter appliance company's own DNSBL.

I see a case of this once a month or so;  some innocent user on our network
sends a message through our designated relay, but the message is rejected
with a reference to that user's home connection at the time the message was
sent, based on a DNSBL that should NOT be used for that lookup.

snip

-kgd

Kris

Even though I know who you mean....

Please do not hide such useful company and brand name info from those that
might need it...

Sometimes we can get admins at those sites to make mods in appliance configs
or other machines that help.

 - rh


Re: Which IP is tested by the RBLs?

Posted by Pat Traynor <pa...@ssih.com>.
Thanks, everyone, for all the good info.  Lots to digest, but I now have
a few options to pursue.

--pat--
-- 
Pat Traynor
pat@ssih.com

Re: Which IP is tested by the RBLs?

Posted by Benny Pedersen <me...@junc.eu>.
Kris Deugau wrote on 2014-03-28 20:51:

> (PBL entries in particular are submitted in part by the netblock
> owner/operators themselves, as "IP ranges which should not be generating
> direct-to-MX email traffic".  Most other DNSBLs list data in a similar
> context;  they should not be used for deep inspection of the Received:
> chain, just the IP that relayed the message to your server/network.)

PBL is managed by Spamhaus and ISP owners; with 127.0.0.10 and
127.0.0.11 it can be tested separately. I wish all dynamic IPs were
listed in PBL, then spam problems would be gone, since ideally all mail
users would use SASL auth to their mail provider, which will then not care
whether origin IPs are listed in PBL or not.

Here I just use postfix with postscreen RBL testing, thus also dnswl
keeps most of the good servers to be tested on content later in
spamassassin, while only a few mails that could be spam are tested,
while postfix rejects all the rest via rbl/dmarc/spf here.

To the OP: start DKIM-signing your mails and see if you can be listed in
dnswl.org as a good sender if you have a static server IP; this is the
beginning of not being listed as a spamming IP.

Around a year ago I had a Spamhaus PBL listing, where my ISP could
see there was a need to make that not happen when I paid for a static
IP, listed separately in ripe.net, so I could not at that point send mails
to one more of their customers with an ISP-hosted email addr. I called
them and got them to agree this was something they either resolve or get
less money from my so-called static IP :=)

BTW, dhcp in a hostname does not say it's dynamic; a separate listing is
the best proof that it's static. When my RIPE listing is gone, it will be
a static pool, where there could be, silly or not silly, dynamic clients in
:(

Re: Which IP is tested by the RBLs?

Posted by Kris Deugau <kd...@vianet.ca>.
Pat Traynor wrote:
> My PC is connected via a Verizon dynamically-allocated IP address, which
> is on several RBLs.  If I send mail directly from my PC to my linux mail
> server, spamassassin flags it.  This is generally not a big deal for me,
> as I usually use a mail client on the server itself.
> 
> However, from time to time, I'll use a mail client on my PC just for
> convenience.
> 
> What I want to know is this...  If I send an email from my PC to someplace
> remote, it first gets accepted by my linux mail server and then moves on
> from there.  If the destination machine is running spamassassin, does
> it test the original IP address of my Verizon-connected PC, or does it
> test the IP address of my linux server?

*Most* of the IP DNSBLs will be checked for the IP of your server.

The only one I know of offhand that will be checked for your home IP is
the Spamhaus SBL sublist.

Unfortunately, the places you'll have trouble with are places with
filter appliances made by a fairly well-known company I'll leave
nameless, whose local admins and/or consultants have (mis)configured
these devices to do lookups on all the IPs.  These sites haven't yet
discovered the inevitable mess this causes by blocking mail relayed by a
perfectly legitimate colo machine but originating from, for example, an
IP range listed on the Spamhaus PBL.  Or the filter appliance company's
own DNSBL.

I see a case of this once a month or so;  some innocent user on our
network sends a message through our designated relay, but the message is
rejected with a reference to that user's home connection at the time the
message was sent, based on a DNSBL that should NOT be used for that lookup.

(PBL entries in particular are submitted in part by the netblock
owner/operators themselves, as "IP ranges which should not be generating
direct-to-MX email traffic".  Most other DNSBLs list data in a similar
context;  they should not be used for deep inspection of the Received:
chain, just the IP that relayed the message to your server/network.)

-kgd

Re: Which IP is tested by the RBLs?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 28.03.14 15:23, Pat Traynor wrote:
>My PC is connected via a Verizon dynamically-allocated IP address, which
>is on several RBLs.  If I send mail directly from my PC to my linux mail
>server, spamassassin flags it.  This is generally not a big deal for me,
>as I usually use a mail client on the server itself.
>
>However, from time to time, I'll use a mail client on my PC just for
>convenience.
>
>What I want to know is this...  If I send an email from my PC to someplace
>remote, it first gets accepted by my linux mail server and then moves on
>from there.  If the destination machine is running spamassassin, does
>it test the original IP address of my Verizon-connected PC, or does it
>test the IP address of my linux server?

The remote machine will check your IP in blacklists.
However, not for dynamic IPs, only if your PC was their MX (and thus in
their internal_networks). However, your IP will still be checked for
blacklists that contain hacked, zombie and other abusing IPs.

...of course, all with properly set up SA or similar spam filter.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
The early bird may get the worm, but the second mouse gets the cheese. 

Re: Which IP is tested by the RBLs?

Posted by John Hardin <jh...@impsec.org>.
On Fri, 28 Mar 2014, Kevin A. McGrail wrote:

> On 3/28/2014 3:23 PM, Pat Traynor wrote:
>>  My PC is connected via a Verizon dynamically-allocated IP address, which
>>  is on several RBLs.  If I send mail directly from my PC to my linux mail
>>  server, spamassassin flags it.  This is generally not a big deal for me,
>>  as I usually use a mail client on the server itself.
>>
>>  However, from time to time, I'll use a mail client on my PC just for
>>  convenience.
>>
>>  What I want to know is this...  If I send an email from my PC to someplace
>>  remote, it first gets accepted by my linux mail server and then moves on
>>  from there.  If the destination machine is running spamassassin, does
>>  it test the original IP address of my Verizon-connected PC, or does it
>>  test the IP address of my linux server?
>
> The best answer is typically to use authenticated email to your server to 
> make sure you don't involve whatever ISP you happen to be using.

Or set up an SSH tunnel to 25/tcp on your hosted server so that the 
PC->MTA first hop comes from 127.0.0.1

That's what I do.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Think Microsoft cares about your needs at all?
   "A company wanted to hold off on upgrading Microsoft Office for a
   year in order to do other projects. So Microsoft gave a 'free' copy
   of the new Office to the CEO -- a copy that of course generated
   errors for anyone else in the firm reading his documents. The CEO
   got tired of getting the 'please re-send in XX format' so he
   ordered other projects put on hold and the Office upgrade to be top
   priority."                                    -- Cringely, 4/8/2004
-----------------------------------------------------------------------
  4 days until April Fools' day

Re: Which IP is tested by the RBLs?

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 3/28/2014 3:23 PM, Pat Traynor wrote:
> My PC is connected via a Verizon dynamically-allocated IP address, which
> is on several RBLs.  If I send mail directly from my PC to my linux mail
> server, spamassassin flags it.  This is generally not a big deal for me,
> as I usually use a mail client on the server itself.
>
> However, from time to time, I'll use a mail client on my PC just for
> convenience.
>
> What I want to know is this...  If I send an email from my PC to someplace
> remote, it first gets accepted by my linux mail server and then moves on
> from there.  If the destination machine is running spamassassin, does
> it test the original IP address of my Verizon-connected PC, or does it
> test the IP address of my linux server?
>
> --pat--
Depends on the specific RBL.  Some do deep header parsing and check all 
the received headers.  Some test only the last received header before 
any trusted header, etc.

The best answer is typically to use authenticated email to your server 
to make sure you don't involve whatever ISP you happen to be using.

However, I still see this issue from time to time when staying at hotels 
where different RBLs will hit the IP from the hotel I'm staying at.  In 
those cases, I unfortunately usually tunnel over a VPN or similar to 
remove the ISP from the entire picture.

Regards,
KAM
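
The difference between checking only the last external relay and deep parsing of the Received: chain, as discussed in this thread, shown as an added sketch (not from any poster and not SpamAssassin's own code). The headers, addresses, `INTERNAL_NETWORKS` and the zone `dnsbl.example` are constructed for illustration, and no DNS lookups are made.

```python
import ipaddress
import re

# Constructed headers as the recipient's MX would see them, newest hop first.
# All names and addresses are made up (RFC 5737 documentation ranges).
SAMPLE_RECEIVED = [
    "from mail.sender.example (mail.sender.example [198.51.100.25]) "
    "by mx.recipient.example with ESMTP; Fri, 28 Mar 2014 15:23:12 -0400",
    "from pats-pc (pool-203-0-113-77.dyn.isp.example [203.0.113.77]) "
    "by mail.sender.example with ESMTPA; Fri, 28 Mar 2014 15:23:10 -0400",
]
INTERNAL_NETWORKS = ["192.0.2.0/24"]   # the recipient's own relays (assumed)
ZONE = "dnsbl.example"                 # hypothetical DNSBL zone

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received_headers):
    """Connecting-client IP from each Received header, newest hop first."""
    ips = []
    for header in received_headers:
        from_clause = header.split(" by ", 1)[0]   # ignore the 'by' host
        match = BRACKETED_IP.search(from_clause)
        if match:
            ips.append(match.group(1))
    return ips


def external_ips(received_headers, internal_networks):
    """Relay IPs that are not part of the recipient's own infrastructure."""
    nets = [ipaddress.ip_network(n) for n in internal_networks]
    return [ip for ip in relay_ips(received_headers)
            if not any(ipaddress.ip_address(ip) in net for net in nets)]


def dnsbl_queries(received_headers, internal_networks, zone, deep=False):
    """DNS names a filter would look up: reversed octets + zone.

    deep=False checks only the last external relay (the host that handed
    the message to the recipient); deep=True checks every external hop.
    """
    ips = external_ips(received_headers, internal_networks)
    targets = ips if deep else ips[:1]
    return [".".join(reversed(ip.split("."))) + "." + zone for ip in targets]


if __name__ == "__main__":
    print(dnsbl_queries(SAMPLE_RECEIVED, INTERNAL_NETWORKS, ZONE))
    print(dnsbl_queries(SAMPLE_RECEIVED, INTERNAL_NETWORKS, ZONE, deep=True))
```

With `deep=True` the dynamic address 203.0.113.77 is queried as well, which is how a PBL-style list ends up rejecting mail that was relayed through a legitimate server.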