Re: Sendmail/Blacklists rejecting authenticated users

Scott Gifford(sgifford@xxxxxxxxxxxxxxxx)@Wed, Jan 11, 2006 at 04:47:05PM -0500:
> Michael Knox <mikeknox@xxxxxxxxxxxx> writes:
> > Quick question regarding dnsbl's... The other day I was in the
> > Pittsburgh airport trying to send an email using their free wifi.
> > Unsurprisingly this network's ip range is listed on a few of the
> > blacklists. This resulted in my mail server rejecting my connection
> > when I tried to send some emails. Does anyone know how I can
> > configure sendmail/procmail to not check the IP addresses against the
> > dnsbls for authenticated users? I have already done a fair amount of
> > googling but haven't come up with anything workable,
> The easiest way is to run an SMTP server on another port, which does
> not use an RBL and only accepts authenticated connections. Good
> candidates are 587 (SMTP Submit port) or running SMTPS (SMTP over SSL)
> on port 465.

I'm a postfix user, but I'm sure that sendmail can do soemthing similar.

In all of the places where I use RBLs, I put a rule before them to allow
authenticated users. Thus, something like this:

smtpd_helo_restrictions = permit_sasl_authenticated,

Because permit_sasl_authenticated is first, authenticated users bypass
all of the restrictions.

> > nor can I think of a good way to test (since I don't have access to
> > a blacklisted network).
> Most blacklists put on their blacklist for testing, so you
> can do:
> telnet 25
> from the server to test.

Uh... I don't think that's going to work. Even if a server uses a
blacklist that lists, that's not always going to provide
reverse DNS for that IP. Even if it does, telnet to that should just
come back to the same machine (maybe) or nowhere (probably).

As far as testing is concerned, your best bet is to just blacklist the
dynamic IP your modem has (DSL modem, cable box, what have you) and try
from there. This is assuming that the server is somewhere other than
your home connection, but that's not too much of a stretch. If it is,
get a shell somewhere and try it from there.

Bill Weiss

about 50 per cent of the [United States] population now believes that Iraq
was responsible for the attack on the World Trade Center.
-- Noam Chomsky