Re: Sendmail/Blacklists rejecting authenticated users



Scott Gifford(sgifford@xxxxxxxxxxxxxxxx)@Wed, Jan 11, 2006 at 04:47:05PM -0500:
> Michael Knox <mikeknox@xxxxxxxxxxxx> writes:
>
> > Quick question regarding dnsbl's... The other day I was in the
> > Pittsburgh airport trying to send an email using their free wifi.
> > Unsurprisingly this network's ip range is listed on a few of the
> > blacklists. This resulted in my mail server rejecting my connection
> > when I tried to send some emails. Does anyone know how I can
> > configure sendmail/procmail to not check the IP addresses against the
> > dnsbls for authenticated users? I have already done a fair amount of
> > googling but haven't come up with anything workable,
>
> The easiest way is to run an SMTP server on another port, which does
> not use an RBL and only accepts authenticated connections. Good
> candidates are 587 (SMTP Submit port) or running SMTPS (SMTP over SSL)
> on port 465.

I'm a postfix user, but I'm sure that sendmail can do something similar.

In all of the places where I use RBLs, I put a rule before them to allow
authenticated users. Thus, something like this:

smtpd_helo_restrictions = permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client postmaster.rfc-ignorant.org

Because permit_sasl_authenticated is first, authenticated users bypass
all of the restrictions.

> > nor can I think of a good way to test (since I don't have access to
> > a blacklisted network).
>
> Most blacklists put 127.0.0.2 on their blacklist for testing, so you
> can do:
>
> telnet 127.0.0.2 25
>
> from the server to test.

Uh... I don't think that's going to work. Even if a server uses a
blacklist that lists 127.0.0.2, that's not always going to provide
reverse DNS for that IP. Even if it does, telnet to that should just
come back to the same machine (maybe) or nowhere (probably).

As far as testing is concerned, your best bet is to just blacklist the
dynamic IP your modem has (DSL modem, cable box, what have you) and try
from there. This is assuming that the server is somewhere other than
your home connection, but that's not too much of a stretch. If it is,
get a shell somewhere and try it from there.

--
Bill Weiss

about 50 per cent of the [United States] population now believes that Iraq
was responsible for the attack on the World Trade Center.
-- Noam Chomsky
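
Added example (not part of the original post, and not Postfix's own code): a simplified Python model of how one restriction list is walked in order, with the DNSBL lookup name built the usual way (reversed IPv4 octets plus the list's zone). The zone bl.example.test and its data are constructed for the example, and only the two rule types that matter to the ordering point are modelled.

```python
import ipaddress
import socket

def dnsbl_query_name(client_ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Real lookup: return an A record for name, or None if there is none."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(client_ip, zone, resolver=system_resolver):
    """Listed means the query name resolves; no answer means not listed."""
    return resolver(dnsbl_query_name(client_ip, zone)) is not None

def evaluate(restrictions, client_ip, sasl_authenticated, resolver=system_resolver):
    """Walk one restriction list in order; the first decisive rule wins."""
    for rule in restrictions:
        name, _, arg = rule.partition(" ")
        if name == "permit_sasl_authenticated" and sasl_authenticated:
            return "permit"
        if name == "reject_rbl_client" and is_listed(client_ip, arg, resolver):
            return "reject"
        # Any other rule type is not modelled here and is skipped.
    return "dunno"  # nothing matched; this list makes no decision

# Constructed zone data for an offline run: bl.example.test is a made-up list
# that carries only the conventional 127.0.0.2 test entry.
FAKE_ZONE = {"2.0.0.127.bl.example.test": "127.0.0.2"}
fake_resolver = FAKE_ZONE.get

AUTH_FIRST = ["permit_sasl_authenticated", "reject_rbl_client bl.example.test"]
RBL_FIRST = ["reject_rbl_client bl.example.test", "permit_sasl_authenticated"]

if __name__ == "__main__":
    for label, rules in (("auth first", AUTH_FIRST), ("rbl first", RBL_FIRST)):
        for authed in (True, False):
            print(label, "authenticated=%s" % authed,
                  evaluate(rules, "127.0.0.2", authed, fake_resolver))
```

Leaving out the resolver argument makes is_listed() do a real DNS query, so the same function can check whether a given client address is on a list your server actually uses.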


