[BlueOnyx:13043] Re: Problem with dnsbl zen.spamhaus.org

Ken Marcus kenlists at precisionweb.net
Fri May 17 11:30:33 -05 2013


On 5/17/2013 8:51 AM, David Thacker wrote:
>> I think if you set the option to "Delay Checks" then they could still
>> send.
> Greetings Ken,
>
> That's what I thought as well, but not what I actually observed on my
> BX5107 servers.
>
> I do not use the AV-SPAM package, I use a hosted MX based spam & AV filter
> service instead. To address the spammers' attempts to bypass the mx filter
> by connecting directly to my SMTP, I added zen.spamhaus.org on the
> Blacklisting tab of the Email Servers Settings in Network Services >
> Email. That took care of those hoseheads trying to bypass the MX.
>
> I checkmarked the "Enable delay_checks" option on the Advanced tab,
> because of this description for that option:
>
> "delay_checks changes the order Sendmail checks if a connection is correct
> or not, this is a good option to us if you use RBL blacklists."
>
> I thought that would enable customers sending email out via my SMTP that
> connect with SMTP-AUTH to bypass the RBL check, but it did not. Even
> though the customer logged in with SMTP-AUTH, they were then blocked from
> sending mail by the RBL.
>
> I had to add their IP connection hostname to the relay list in order to
> allow them to send mail. Not a big deal in this particular case because I
> know where these customers are coming from, but still I thought if they
> logged in via SMTP-AUTH they should be verified and not have to then go
> through the RBL check as well.
>
> Regards,
>
> dAvid tHacker                                  Email: David at ThackerNet.com
> Thacker Network Technologies Inc.                http://www.ThackerNet.com
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

I see when I look up the IP that I am connecting from at the
http://www.whatismyip.com/ site, that my IP is not listed as dynamic.
So, I can't actually test it myself now.


Also, what I used to do is enable poprelay, then in the sendmail.cf I'd 
edit it to allow all IPs that were in the poprelayd database.
The section I'd edit is below.


######################################################################
###  check_relay -- check hostname/address on SMTP startup
######################################################################


SLocal_check_relay


#begin ken changes
# Put address in canonical form
R$*                $: $>Parse0 03 $1
R$* < $* > $*        $: $1 < $2 . > $3
R$* < $* . . > $*        $1 < $2 . > $3
# Test against pop-before-relay hash
R$*                $: < $&{client_addr} >
R< $* >            $(popauth $1 $)
R$* < MATCH >        $#OK
#end ken changes







-- 


Ken Marcus
www.precisionwebhosting.com
Precision Web Hosting, Inc.
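
Added example (not part of the original message, and not BlueOnyx or Spamhaus code): a Python check of which zen.spamhaus.org list an address is on, such as the PBL end-user range that gets an SMTP-AUTH customer rejected by the RBL as described in this thread. The function names, the injectable resolver and the sample answers are constructed for illustration; the return codes are the ones Spamhaus publishes for the zone.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"

def query_name(ip, zone=ZONE):
    """DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(answer):
    """Map one A record returned by the zone to the list it stands for."""
    if answer.startswith("127.255.255."):
        return "ERROR"  # query refused (e.g. sent via a public resolver), not a listing
    if not answer.startswith("127.0.0."):
        return "UNKNOWN"
    last = int(answer.rsplit(".", 1)[1])
    if last in (2, 3, 9):
        return "SBL"
    if 4 <= last <= 7:
        return "XBL"
    if last in (10, 11):
        return "PBL"  # end-user/dynamic ranges: the case that hits SMTP-AUTH customers
    return "UNKNOWN"

def system_resolver(name):
    """Live lookup; any resolver failure (including NXDOMAIN) yields no answers."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check(ip, resolve=system_resolver):
    """Sorted list names the address is on; [] means not listed."""
    return sorted({classify(a) for a in resolve(query_name(ip))})

# Constructed answers for documentation addresses, so the demo runs offline.
SAMPLE = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.11"],
    "7.100.51.198.zen.spamhaus.org": ["127.0.0.4", "127.0.0.2"],
    "5.113.0.203.zen.spamhaus.org": ["127.255.255.254"],
}

def sample_resolver(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, check(ip, sample_resolver) or "not listed")
```

Calling check() with no resolver argument performs a live lookup through the system resolver; an "ERROR" result means the query itself was refused and says nothing about whether the address is listed.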
