You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Kenneth Porter <sh...@sewingwitch.com> on 2006/05/22 18:16:47 UTC
"Vouching" for mail from a dynamic IP (was: SPAM-LOW: Re: Spam
Assassin Detecting our emails as spam)
--On Saturday, May 20, 2006 4:54 PM -0700 jdow <jd...@earthlink.net> wrote:
> Looking at your own email it comes from a COMCAST cable connection
> in Palmer Ranch Florida through the WFGB mailer. The WFGB mailer is
> not in SORBS anywhere. YOUR address most certainly is a dialup. So
> it WILL get tagged unless your mail goes through a machine that
> properly vouches for it. 68.32.0.0/11 (68.32.0.0-68.63.255.255) is
> a dynamic IP netblock.
How does another machine "properly vouch for it"? If I route my mail to a
colocated host under my control, how do I make that host vouch for the mail
from my house?
Re: "Vouching" for mail from a dynamic IP
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 5/22/2006 12:16 PM, Kenneth Porter wrote:
> --On Saturday, May 20, 2006 4:54 PM -0700 jdow <jd...@earthlink.net> wrote:
>
>> Looking at your own email it comes from a COMCAST cable connection
>> in Palmer Ranch Florida through the WFGB mailer. The WFGB mailer is
>> not in SORBS anywhere. YOUR address most certainly is a dialup. So
>> it WILL get tagged unless your mail goes through a machine that
>> properly vouches for it. 68.32.0.0/11 (68.32.0.0-68.63.255.255) is
>> a dynamic IP netblock.
>
>
> How does another machine "properly vouch for it"? If I route my mail to
> a colocated host under my control, how do I make that host vouch for the
> mail from my house?
There's no vouching. SpamAssassin simply looks for one relay between
your network and the sender. If there isn't a relay between the two
(that is the sender sent mail directly to your MX) the mail is treated
as direct-to-MX and its IP is looked up in various blacklists.
Normally a sender would relay through their own mail server which would
then relay the mail to your MX, thus avoiding having the sender's
(end-user's MUA) IP looked up... their mail relay would be looked up though.
When your sending mail to your own domain which uses the same mail
server for everything this relay between the client and your MX doesn't
exists and you run in to the problem described. As previously noted in
this thread, it is explained here:
http://wiki.apache.org/spamassassin/DynablockIssues
Daryl
Re: "Vouching" for mail from a dynamic IP (was: SPAM-LOW: Re: Spam
Assassin Detecting our emails as spam)
Posted by "John D. Hardin" <jh...@impsec.org>.
On Mon, 22 May 2006, Kenneth Porter wrote:
> On Monday, May 22, 2006 12:28 PM -0700 "John D. Hardin"
> <jh...@impsec.org> wrote:
>
> > Send it over an ssh tunnel so that to the MTA it appears to be coming
> > from 127.0.0.1. That's how I do it.
>
> Any way to do that with sendmail at both ends?
Yep, hang on while I troll my configs, it's been a while since I
set this up...
...you need to change the A= option on the "relay" mailer. All
non-local mail will automatically go via that mailer:
Mrelay, P=[IPC], F=mDFMuXa8, S=11/31, R=61, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=IPC [10.1.0.254] 25001
10.1.0.254 is the home end of my ssh tunnel to my hosted server, and
it forwards port 25001 to port 25 on the hosted server. If you're
running the ssh client directly on your mailserver, it would be:
A=IPC [127.0.0.1] 25001
The other mailers (smtp, esmtp, smtp8) might also need changing
"A=IPC $h" to the above, but I haven't needed to do that here.
> Currently I use an AuthInfo entry in the sending MTA's access DB,
> and a mailertable entry (or smarthost in sendmail.mc) to direct
> mail to the receiving MTA for domains that don't like dynamic
> senders. So the dynamic IP in the Received headers should show up
> as authenticated for the host with static IP.
Eh, just send *all* of your outbound mail via your hosted server (it's
at a static IP address, right?) and don't worry about custom configs
to get around people with dynamic-IP blocks.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The problem is when people look at Yahoo, slashdot, or groklaw and
jump from obvious and correct observations like "Oh my God, this
place is teeming with utter morons" to incorrect conclusions like
"there's nothing of value here". -- Al Petrofsky, in Y! SCOX
-----------------------------------------------------------------------
Re: "Vouching" for mail from a dynamic IP (was: SPAM-LOW: Re: Spam
Assassin Detecting our emails as spam)
Posted by Kenneth Porter <sh...@sewingwitch.com>.
On Monday, May 22, 2006 12:28 PM -0700 "John D. Hardin"
<jh...@impsec.org> wrote:
> Send it over an ssh tunnel so that to the MTA it appears to be coming
> from 127.0.0.1. That's how I do it.
Any way to do that with sendmail at both ends? Currently I use an AuthInfo
entry in the sending MTA's access DB, and a mailertable entry (or smarthost
in sendmail.mc) to direct mail to the receiving MTA for domains that don't
like dynamic senders. So the dynamic IP in the Received headers should show
up as authenticated for the host with static IP.
Re: "Vouching" for mail from a dynamic IP (was: SPAM-LOW: Re: Spam
Assassin Detecting our emails as spam)
Posted by "John D. Hardin" <jh...@impsec.org>.
On Mon, 22 May 2006, Kenneth Porter wrote:
> How does another machine "properly vouch for it"? If I route my mail to a
> colocated host under my control, how do I make that host vouch for the mail
> from my house?
Send it over an ssh tunnel so that to the MTA it appears to be coming
from 127.0.0.1. That's how I do it.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The problem is when people look at Yahoo, slashdot, or groklaw and
jump from obvious and correct observations like "Oh my God, this
place is teeming with utter morons" to incorrect conclusions like
"there's nothing of value here". -- Al Petrofsky, in Y! SCOX
-----------------------------------------------------------------------