[milters] Archive


Article: 163
From: Christian 'CBE' Benner
Date: 2004-10-18 06:07:47 -0400
Subject: [SIQ] 027 RE: Re: How to cope with big big big but braindead ISPs

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Hi Anthony (and others),

does

milter-sender-helo:mx*.smf.ebay.com     OK
milter-sender-helo:mx*.sjc.ebay.com     OK

also work?

ebay is such a braindead company which can't set up
internal DNS for their MX's correctly


I'll not specify 

 	ClientRejectPrivateB=0
 	HeloRejectPrivateB=0


so that all others are handled correctly; only
the ebay servers should be passed through.


Or must I specify each mx with its number
by itself?

Thx in advance

Best regards

Chris

> -----Original Message-----
> From: milters-bounce@milter.info [mailto:milters-bounce@milter.info]On
> Behalf Of Anthony Howe
> Sent: Friday, October 01, 2004 12:06 PM
> To: milters@milter.info
> Subject: [milters] Re: How to cope with big big big but braindead ISPs
> 
> 
> Sascha Vogt wrote:
> 
> > Now this ISP, let's call them AON from now on, uses 12 dedicated
> > SMTP-Servers to deliver mail of their dialup and DSL-customers. They are
> > called email01... to email12.aon.at. Don't ask me why but if you dig for one
> > of these hosts in DNS you will learn they are using RFC 1918 addresses for
> > them and have no MX-Records defined.
> >
> > For incoming traffic they have another one, called email.aon.at with a real
> > IP-Address and of course the MX-Record of aon.at is pointing to that host.
> >
> > So of course milter-sender refuses to accept mail from these 12 servers and
> > gives them a nice error message explaining that they are violating RFC 3330
> > and some other and therefore are f*cking losers.
> > Wonderful, really nice :-)
> >
> > But...
> >
> > 40% Marketshare, are FORTY PERCENT! Thousands of employees... A call-center
> > with at least three levels to filter callers before they might get in touch
> > with a person who might have heard something like RFCs exist...
> >
> > And of course nobody would expect somebody to read the log-files of those
> > 12 servers...
> >
> > And my users are moaning for mail of their beloved ones...
> >
> > But being a real fan of Mark's milters I wouldn't open some of those options in
> 
> Mark?  Who's Mark?  milter-sender is written by Anthony.  Hmm. Sounds 
> like a Copyright violation to me.
> 
> > milter-sender or generally white-list aon.at-users. Here's my way to handle
> > such a braindead ISP.
>
> Since email*.aon.at publish RFC 3330 in public internet space, which is
> a stupid thing to do, but some universities and other supposedly clever
> institutions are too lazy to set up a private internal DNS.
> 
> 	email12.aon.at.         1D IN A         172.18.5.90
> 
> This is a private B class network, so make sure milter-sender.cf specifies:
> 
> 	ClientRejectPrivateB=0
> 	HeloRejectPrivateB=0
> 
> Also you want to disable
> 
> 	ClientIsForged=0
> 
> since the reverse PTR lookup and forward DNS will never work. This might
> also be required:
> 
> 	ClientNeedsPTR=0
> 
> > Make entries for those hosts with RFC-1918 addresses in your local hosts
> > file. Give them the IP of the inbound Server (email.aon.at)
> > 
> > 195.3.96.71 email01.aon.at
> > .
> > .
> > 195.3.96.71 email12.aon.at
> > 
> > Create /etc/mail/mailertable entries for each of them to...
> > 
> > email01.aon.at	esmtp:email.aon.at
> > .
> > .
> > email12.aon.at	esmtp:email.aon.at
> > 
> > Works!
> > 
> > Milter-Sender sees a valid IP for those hosts now and doesn't claim
>
> Actually it sees that you have done something special with mailertable
> and are willing to route them. Of course spam from email*.aon.at can now be
> relayed to email.aon.at, but it's limited.
>
> > RFC-3330 violations any more and he asks email.aon.at to verify the
> > senders. AND none of the filter-mechanisms had to be disabled for the rest
> > of the world.
>
> Cute. Essentially you have given the mail servers from private IP space
> the public IP address of their MX in /etc/hosts. I'm curious why you
> added the mailertable entries though?
>
> The solution I would have suggested would have been to add to
> /etc/mail/access:
> 
> 	milter-sender-connect:email01.aon.at 		OK
> 	...
> 	milter-sender-connect:email12.aon.at 		OK
> 
> Which of course allows these servers to by-pass milter-sender hopefully
> to be caught by a 2nd spam defence.
> 
> -- 
> Anthony C Howe                                 +33 6 11 89 73 78
> http://www.snert.com/       ICQ: 7116561         AIM: Sir Wumpus
> 
>             "Once...we were here."  - Last of The Mohicans
> 
> 
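
Added example, not part of the original messages or of milter-sender: a sketch that builds the per-host `milter-sender-connect:` access lines suggested in the quoted reply, only for hosts whose A record falls in RFC 1918 space and whose name sits under an explicitly approved domain, so the PrivateB checks can stay enabled for everyone else. The helper names are hypothetical and the sample records are constructed except where marked; emitting exact hostnames avoids depending on how wildcards in access keys are treated.

```python
import ipaddress

# Added illustration; helper names are hypothetical.
# RFC 1918 blocks by traditional class letter; the thread calls
# 172.18.5.90 "a private B class network".
RFC1918 = {
    "A": ipaddress.ip_network("10.0.0.0/8"),
    "B": ipaddress.ip_network("172.16.0.0/12"),
    "C": ipaddress.ip_network("192.168.0.0/16"),
}

def private_class(addr):
    """Return 'A', 'B' or 'C' if addr is in RFC 1918 space, else None."""
    ip = ipaddress.ip_address(addr)
    for letter, net in RFC1918.items():
        if ip in net:
            return letter
    return None

def under_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def access_entries(records, approved_domains):
    """One exact-host access line per approved host with a private A record.

    Hosts with public addresses need no exemption; private-address hosts
    outside approved_domains get none, so the normal checks still apply.
    """
    lines = set()
    for host, addr in records:
        if private_class(addr) is None:
            continue
        if any(under_domain(host, d) for d in approved_domains):
            lines.add("milter-sender-connect:%s\tOK" % host.rstrip("."))
    return sorted(lines)

# Sample (hostname, address) pairs; constructed unless noted.
SAMPLE = [
    ("email01.aon.at.", "172.18.5.81"),  # constructed address
    ("email12.aon.at.", "172.18.5.90"),  # A record quoted in the thread
    ("email.aon.at.", "195.3.96.71"),    # public inbound host from the thread
    ("mx.notaon.at.", "172.16.0.1"),     # constructed look-alike domain
    ("mail.example.net.", "10.0.0.5"),   # constructed, not approved
]

if __name__ == "__main__":
    print("\n".join(access_entries(SAMPLE, ["aon.at"])))
```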



