Question about Postfix, SA and rbl checks

Gunnar Wrobel wrobel at pardus.de
Mon Jun 23 13:53:01 CEST 2008


Hi Jens,

Jens Kleikamp <jens at codes-concepts.com> writes:

> Hi Guys,
>
> I got a false positive which is tagged by SA and the
> following rules hit the mail:
>
> "RCVD_IN_BL_SPAMCOP_NET=4.1, RCVD_IN_PSBL=3"
>
> Besides SA I also set up postfix to do some rbl checks as well.
> I set "reject_rbl_client bl.spamcop.net," to the
> smtpd_recipient_restrictions directive.
>
> Now I try to understand why the mail passed the mta checks, but was hit
> by SA (RCVD_IN_BL_SPAMCOP_NET).
>
> I tried to analyse the source code of the email which is also available
> at http://nopaste.biz/44497
>
> I identify 3 third-party systems in the received headers:
>
> Sender (DSL Connection) --> ISP Mailserver (clean) --> mozdev
> mailinglist server (also clean)
>
>
> The sender delivered the mail over an authenticated smtp connection to
> his isp mailserver which then sends the mail to the mozdev
> mailinglist-server which then sends the mail to my mailserver.
> My guess is that postfix did a rbl check of the IP from the mozdev
> system which is clean, so mail passed. ( I think this is okay )
>
> But then SA did not use the mozdev IP but the original sender
> dynamic-dsl IP address for the rbl check. I think that is not
> okay since the dynamic IP of the sender doesn't have any important
> meaning because the sender used an authenticated smtp session, so it
> should not be used by SA to do rbl checks.

I think Thomas answered this on IRC but to make this more persistent I
just post his response here, too.

08:33 <ThomasAH> Jense: reject_rbl_client only looks at the IP connecting to
      your server, SA looks at more Received: headers

Cheers,

Gunnar

>
>
> Thank you in advance
>
> best regards
> Jens
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users

-- 
______ http://kdab.com _______________ http://kolab-konsortium.com _

p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium

____ http://www.pardus.de _________________ http://gunnarwrobel.de _
E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
Tel.   : +49 700 6245 0000                          Bundesstrasse 29
Fax    : +49 721 1513 52322                          D-20146 Hamburg
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   >> Mail at ease - Rent a kolab groupware server at p at rdus <<                 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
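
The difference described in the thread, as an added example that is not part of the original messages: it compares the DNSBL lookup an SMTP-time client check makes with the lookups a checker that walks the Received: headers would make. The sample message, hostnames and addresses are constructed, and the header walk is a simplified model, not SpamAssassin's own logic.

```python
import email
import ipaddress
import re

# Constructed sample: documentation IP ranges and hypothetical hostnames,
# mirroring the path sender (DSL) -> ISP server -> list server -> own MX.
SAMPLE = """\
Received: from lists.example.org (lists.example.org [198.51.100.20])
\tby mx.example.net (Postfix) with ESMTP id AAAA; Mon, 23 Jun 2008 10:00:03 +0200
Received: from smtp.isp.example (smtp.isp.example [203.0.113.5])
\tby lists.example.org (Postfix) with ESMTP id BBBB; Mon, 23 Jun 2008 10:00:02 +0200
Received: from [192.0.2.77] (dsl-77.isp.example [192.0.2.77])
\t(authenticated user) by smtp.isp.example with ESMTPA id CCCC;
\tMon, 23 Jun 2008 10:00:01 +0200
Subject: constructed test message

body
"""

# Postfix-style "(rdns-name [ip])" comment in the "from" clause.
RELAY_RE = re.compile(r"\(\S+\s+\[([0-9.]+)\]\)")

def relay_ips(raw):
    """IPv4 relay addresses from Received: headers, newest hop first."""
    ips = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = RELAY_RE.search(value)
        if m:
            ips.append(str(ipaddress.IPv4Address(m.group(1))))  # validates
    return ips

def dnsbl_name(ip, zone):
    """DNS name queried for an IPv4 address: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def smtp_time_queries(client_ip, zone):
    """reject_rbl_client: only the IP connecting to your server."""
    return [dnsbl_name(client_ip, zone)]

def header_queries(raw, zone):
    """Header-based checker: every relay IP found in Received: headers."""
    return [dnsbl_name(ip, zone) for ip in relay_ips(raw)]

if __name__ == "__main__":
    zone = "bl.spamcop.net"
    print("MTA   :", smtp_time_queries(relay_ips(SAMPLE)[0], zone))
    print("header:", header_queries(SAMPLE, zone))
```

The MTA-side list contains only the list server's address, while the header-side list also contains the sender's DSL address, which is how the same zone can pass at SMTP time and still hit in the content filter.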



