Re: wish list: RBL processing on trusted Received IP addresses
From: Wietse Venema (wietse porcupine.org)
Date: Tue Sep 02 2003 - 10:38:11 CDT
Sounds like this could be done with the proposed XADDR command
(change Postfix's idea of the SMTP client IP address) and a tiny
proxy daemon script. I would not consider coding this thing into
Postfix C code.
ISP -> smtpd -> proxy -> smtpd -> cleanup -> queue
       Postfix           Postfix  Postfix    Postfix
The proxy would extract the client IP address from the first Received:
message header and then pass the email back to Postfix after using
the XADDR command.
Wietse
Tony Earnshaw:
> Jim Seymour wrote:
>
> > Nothing like this is available, natively, in Postfix. And for good
> > reason.
>
> What's the good reason? Or reasons?
>
> Everything you say below cannot be done (with the exception of the
> discourse on the pointlessness of backup mail exchanges) can in fact be
> done (and I do do them) with Postfix 2.0.14 smtpd proxy/amavisd-new and
> SpamAssassin 2.60.
>
> >>I realize that the trusted_client_restrictions would occur only after
> >>the DATA/message was received, but that would still be a BIG help.
> >
> > How, exactly? You can't reject it, once one of your "trusted sites"
> > has accepted it. If you do, it will be sent back to probably an
> > invalid sender.
>
> amavisd-new/SA 2.60 passes spam from whitelisted senders and quarantines
> spam from others.
>
> >>For example:
> >>
> >>* trusted MX sites
> >>
> >> If you trust your backup MX sites, you could add them to the
> >> trusted-clients list. You could then perform RBL blocking on
> >> IP address of the sites that sent you EMail through them.
> >
> > First of all: A "backup MX" is almost completely worthless if all it's
> > doing is sending it along to your primary MX, as it usually does
> > nothing positive for you.
>
> Agree there.
>
> However.
>
> I get all my mail from my ISP's store-and-forward mailkick server. You
> could compare it to a vitally important backup MX, since there is no
> primary. Since all the ehlos are from it and messages are sent
> sequentially after the first ehlo, I have no possibility of doing
> Postfix header checks, mime checks, body checks etc. etc. I *have* to
> rely on SpamAssassin.
>
> [...]
>
> >>* trusted mailing forwarding sites
> >>
> >> You receive EMail on a site that forwards EMail to you (say via
> >> .forward or some other mechanism). You could then perform RBL blocking on
> >> IP address of the sites that send you EMail via this forwarding site.
> >
> > No, you cannot "perform RBL blocking" in such a scendario.
>
> amavisd-new and SA 2.60 can. I do.
>
> > You could,
> > at best, perform email bouncing based on DNSbl lookups.
>
> With Postfix 2.0.14/smtpd proxy/amavisd-new you can smtpd reject and
> *still* do RealTimeBlackListing.
>
> > Again: Boucing
> > to the sender address will usually result in a bounce to the wrong
> > person. (I'm becoming so fed up with people doing this that I'm
> > beginning to consider just locally blocklisting such sites.)
>
> Agreed. But with Postfix 2.0.14/smtpd proxy/amavisd-new you can smtpd
> reject.
>
> > Btw: "RBL" is a registered service mark of Mail Abuse Prevention
> > Systems, LLC. (MAPS).
>
> Could be. Who owns RealTimeBlackListing?
>
> > Please use DNSbl when referring to DNS-based
> > block-/black-lists.
>
> Shan't.
>
> >>Has something like this been done? Is anyone interested in implementing
> >>(or helping implement) such a feature?
> >
> > Not that *I* know of, and no, respectively.
>
> Well, the SpamAssassin and the Postfix and the amavisd-new guys have.
> And I implement what they have instituted and constituted.
>
> Moral, old Norwegian proverb: "You have to see much new and hear much
> new before your eyes fall out and your ears fall off" (ein skal sjao
> mykje rart og hoeyra mykje rart fyrre auga fedle ut og oeyra detta ao).
>
> And since you are in the corrective mood, I'd exhort you to use a
> spelling checker before sending your messages. Being as what you comes
> across like a well educated gent and all ...
>
> --Tonni
>
> --
> Tony Earnshaw
>
> Looking backwards is always easy with hindsight
>
> http://www.billy.demon.nl
> Mail: tonni billy.demon.nl
>
>
>
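
Added example, not part of the original message and not Postfix code: a sketch of the header-parsing step of the proxy described at the top of this message, which takes the client IP address from the first Received: header only when the connecting peer is a trusted relay. The function names, the trusted-relay list and the sample message are assumptions made for illustration, and the XADDR exchange itself is left out because its syntax is not given here.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; all addresses are documentation ranges.
# Assumption: the trusted relay's own Received: header is the topmost one.
SAMPLE = (
    "Received: from mail.example.net (mail.example.net [192.0.2.25])\n"
    "\tby relay.isp.example (Postfix) with ESMTP id ABC123\n"
    "\tfor <user@example.org>; Tue, 2 Sep 2003 10:00:00 -0500\n"
    "Received: from forged.example (unknown [203.0.113.9])\n"
    "\tby mail.example.net; Tue, 2 Sep 2003 09:59:00 -0500\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

# Address literal in the "from" clause: from helo (rdns [addr]) by ...
_FROM_ADDR = re.compile(
    r"^from\s+\S+\s+\([^()\[\]]*\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)", re.I)

def first_received_client_ip(raw_message):
    """Return the client IP in the topmost Received: header, or None."""
    headers = message_from_string(raw_message).get_all("Received") or []
    if not headers:
        return None
    value = " ".join(headers[0].split())  # unfold continuation lines
    match = _FROM_ADDR.match(value)
    if not match:
        return None
    try:
        return str(ipaddress.ip_address(match.group(1)))
    except ValueError:  # looks like an address but is not one
        return None

def effective_client_ip(peer_ip, raw_message, trusted_relays):
    """Address to run DNSBL checks on: the header value only for trusted peers."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(net) for net in trusted_relays):
        return str(peer)  # headers from an untrusted peer prove nothing
    # Trusted relay but unparsable header: fall back to the peer address.
    return first_received_client_ip(raw_message) or str(peer)
```

Lower Received: headers, such as the second one in the sample, are written by hosts outside the trusted set and are never consulted.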