You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Thomas Cameron <th...@camerontech.com> on 2014/07/24 16:58:20 UTC

Somewhat OT - how do I whitelist a host which is in a DNSBL in sendmail?

Howdy -

I have two VMs at Digital Ocean, one on the east coast, one on the west.

I'm running Sendmail-8.14.8-2.fc20.x86_64. I have several DNSBLs listed:

FEATURE(`dnsbl',`in.dnsbl.org ')dnl
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl
FEATURE(`dnsbl',`cbl.abuseat.org')dnl
FEATURE(`dnsbl',`dul.dnsbl.sorbs.net')dnl

Unfortunately, my home network is attached to a cable provider which
shows up in dul.dnsbl.sorbs.net.

Can I whitelist my IP address so that I can send mail through my mail
servers? Right now, it gets rejected.

Yeah, I know, I can always use my ISP's smtp server, I guess. But that
kind of sucks. I would rather use mine. Purely a pride thing, I know.

Thomas

Re: Somewhat OT - how do I whitelist a host which is in a DNSBL in sendmail?

Posted by Thomas Cameron <th...@camerontech.com>.

On 07/24/2014 10:37 AM, Dave Funk wrote:
> 
> Thomas.
> Do you have 'MSA' port enabled for your sendmail? (IE port 567) and
> SMTP-AUTH? Then just skip the dnsbl checks for auth'ed mail submissions.
> You could whitelist your client IP address in your 'access' file but
> what happens when that address changes? (I assume your ISP gives you
> a DHCP address).

Hi, Dave -

I actually have SMTP AUTH enabled, and it was working fine (albeit on
port 25 with STARTTLS) until I added the DNSBL.

Even connecting from my MUA (Thunderbird on Linux) to port 587 on my
server, I get this (identifying info changed) in the log file if I
enable the DNSBL:

Jul 24 11:57:36 YYY dovecot: imap-login: Login: user=<thomas.cameron>,
method=PLAIN, rip=1.2.3.4, lip=4.5.6.7 mpid=469, TLS,
session=<GG70g/L+xwBGw8l/>
Jul 24 11:57:59 YYY sendmail[472]: ruleset=check_relay,
arg1=cpe-XXXX.austin.res.rr.com, arg2=127.0.0.10,
relay=cpe-XXXX.austin.res.rr.com [1.2.3.4], reject=550 5.7.1 Rejected:
68.203.17.142 listed at dul.dnsbl.sorbs.net

TC

Re: Somewhat OT - how do I whitelist a host which is in a DNSBL in sendmail?

Posted by Dave Funk <db...@engineering.uiowa.edu>.

On Thu, 24 Jul 2014, Thomas Cameron wrote:

> Howdy -
>
> I have two VMs at Digital Ocean, one on the east coast, one on the west.
>
> I'm running Sendmail-8.14.8-2.fc20.x86_64. I have several DNSBLs listed:
>
> FEATURE(`dnsbl',`in.dnsbl.org ')dnl
> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl
> FEATURE(`dnsbl',`cbl.abuseat.org')dnl
> FEATURE(`dnsbl',`dul.dnsbl.sorbs.net')dnl
>
> Unfortunately, my home network is attached to a cable provider which
> shows up in dul.dnsbl.sorbs.net.
>
> Can I whitelist my IP address so that I can send mail through my mail
> servers? Right now, it gets rejected.
>
> Yeah, I know, I can always use my ISP's smtp server, I guess. But that
> kind of sucks. I would rather use mine. Purely a pride thing, I know.
>
> Thomas

Thomas.
Do you have 'MSA' port enabled for your sendmail? (IE port 567) and
SMTP-AUTH? Then just skip the dnsbl checks for auth'ed mail submissions.
You could whitelist your client IP address in your 'access' file but
what happens when that address changes? (I assume your ISP gives you
a DHCP address).


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: Somewhat OT - how do I whitelist a host which is in a DNSBL in sendmail?

Posted by Karsten Bräckelmann <gu...@rudersport.de>.

s/somewhat//  # ;)

On Thu, 2014-07-24 at 09:58 -0500, Thomas Cameron wrote:
> I'm running Sendmail-8.14.8-2.fc20.x86_64. I have several DNSBLs listed:
> 
> FEATURE(`dnsbl',`in.dnsbl.org ')dnl
> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl
> FEATURE(`dnsbl',`cbl.abuseat.org')dnl
> FEATURE(`dnsbl',`dul.dnsbl.sorbs.net')dnl
> 
> Unfortunately, my home network is attached to a cable provider which
> shows up in dul.dnsbl.sorbs.net.
> 
> Can I whitelist my IP address so that I can send mail through my mail
> servers? Right now, it gets rejected.

Not sendmail specific, and I wouldn't know the exact sendmail conf for
this anyway, but:

You should use authentication, and configure your SMTP to accept
authenticated connections before rejecting based on DNSBLs.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: Somewhat OT - how do I whitelist a host which is in a DNSBL in sendmail?

Posted by Thomas Cameron <th...@camerontech.com>.

On 07/24/2014 09:58 AM, Thomas Cameron wrote:
> Howdy -
> 
> I have two VMs at Digital Ocean, one on the east coast, one on the west.
> 
> I'm running Sendmail-8.14.8-2.fc20.x86_64. I have several DNSBLs listed:
> 
> FEATURE(`dnsbl',`in.dnsbl.org ')dnl
> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl
> FEATURE(`dnsbl',`cbl.abuseat.org')dnl
> FEATURE(`dnsbl',`dul.dnsbl.sorbs.net')dnl
> 
> Unfortunately, my home network is attached to a cable provider which
> shows up in dul.dnsbl.sorbs.net.
> 
> Can I whitelist my IP address so that I can send mail through my mail
> servers? Right now, it gets rejected.
> 
> Yeah, I know, I can always use my ISP's smtp server, I guess. But that
> kind of sucks. I would rather use mine. Purely a pride thing, I know.
> 
> Thomas
> 

Disregard. I was waaaaay over thinking it. A quick line in
/etc/mail/access fixed it.

Sorry for the noise.

TC