On 6/4/2010 7:12 PM, Jeroen Geilman wrote:
On 6/4/2010 6:59 PM, Jeroen Geilman wrote:
554 5.7.1 Service unavailable;
Client host [69.63.178.167] blocked using bl.spamcop.net; Blocked - see
http://www.spamcop.net/bl.shtml?69.63.178.167;
from=<notification+o=6pg...@facebookmail.com>
to=<d...@mykitchentable.net> proto=ESMTP helo=<mx-out.facebook.com>
OK, I get it. Facebook email is being blocked because servers it uses
are on a SpamCop blacklist. How can I allow mail from servers
identifying themselves as<anything>.facebook.com before blacklist
processing?
You may want to put facebook in check_helo_access instead; however, this
opens you up to all sorts of spam unless you also require proper
forward+reverse DNS for MXen.
Put in the prelevant reject_*_helo and reject_non-fqdn_* restrictions so
HELOs will be worth checking; then implement check_helo_access for your
facebook issue.
I would avoid using check_helo_access for any kind of whitelisting
since it's easily and frequently forged. Use check_helo_access for
whitelisting only as a last resort.
A far better choice is to whitelist by the client name or IP block.
I agree completely, however, this is what he asked for; and I don't
recognise the client hostname as being in any way related to facebook.
If the client hostname is not dependable, that would not be useful to
check for.
J.
You have to do 30 seconds of research...
$ host -t txt facebookmail.com
facebookmail.com descriptive text "v=spf1 ip4:69.63.178.128/25
ip4:69.63.184.0/25 ip4:66.220.144.128/25 -all"
Looks as if the client in question is listed as a valid source IP.
$ whois tfbnw.net
...
(all kinds of facebook contact info)
...
(facebook name servers)
...
Looks as if the client hostname is owned by facebook.
Whitelisting by client hostname is the right choice. Always
exhaust other possibilities before using a HELO based whitelist.
-- Noel Jones
