On Sat, Apr 30, 2011 at 11:32 AM, /dev/rob0 <r...@gmx.co.uk> wrote:
> On Wed, Apr 27, 2011 at 10:33:58PM -0400, Michael Orlitzky wrote:
>> On 04/27/2011 10:27 PM, Michael Orlitzky wrote:
>> > There is a setting on some Barracuda appliances called "deep
>> > header inspection" or "deep header parsing" that does this.
>> > Nobody who understood it would ever turn it on. Nevertheless,
>> > it sounds good, right? If you put the box there, somebody will
>> > check it.
>>
>> I should clarify a little: the setting itself doesn't do anything
>> bad. However, when combined with certain blacklists (Barracuda's,
>> the PBL...), that setting essentially means "reject anything sent
>> from a house."
>
> Right. Possibly the majority of personal mail. To Mike, the OP, I
> would not try to fix this problem for them, because as Noel points
> out, you are going to have problems with other poorly-managed sites.
> At one time some simple testing I did suggested that Hotmail/MSN
> discarded my mail which was sent without any Received: headers. Not
> flagged as spam; according to the user it was simply gone. My logs
> showed successful delivery.
>
> Deep header parsing against Spamhaus PBL and XBL is explicitly
> mentioned in Spamhaus FAQs[1]. They are wrong to do that, and your
> mail surely is not the only legitimate mail they are blocking. The
> more you do to work around this site's mistake, the more you are
> contributing to the problem.
>
>> From what I understand, the appliance makes it a little too easy
>> to create this situation.
>
> A Barracudist on a different mailing list once begrudgingly
> acknowledged this as a bug, so I suspect that 'cuda support now is
> telling people not to do this. Mike could suggest that the other
> site, if (as we suspect) it is behind a 'cuda, contact support.
>
> That said, sadly, I will offer another workaround, because I
> understand that sometimes we who DTRT need to communicate with
> others who do not.
>
> My family uses my own SOHO Postfix for mail submission. Their
> connections are made via RFC 1918 IP addresses, which appear in
> Received: headers. The SOHO Postfix connects to the relayhost (with
> static IP, custom rDNS, and DNSWL whitelisting) via OpenVPN, also
> using RFC 1918 addresses.
>
> Multiple Received: headers, and nothing to excite the deep header
> parsers, until they get the idea to filter on RFC 1918 addresses.
> AFAIK mail is getting delivered, for now anyway.

Just a small follow-up. Using SquirrelMail running on the mail server,
I have since successfully emailed the customer that previously
rejected a conventional ESMTP message. Note that SquirrelMail also
includes the remote IP in the Received header (which, as it so
happens, is the exact same dynamic IP used for the previously rejected
message):

  Received: from 98.190.153.84
          (SquirrelMail authenticated user whomever)
          by www.busicorp.com with HTTP;
          Fri, 29 Apr 2011 23:08:43 -0400 (EDT)
  Message-ID: <55374.98.190.153.84.1304132913.squir...@www.busicorp.com>
  Date: Fri, 29 Apr 2011 23:08:43 -0400 (EDT)
  User-Agent: SquirrelMail/1.4.8-5.el5.centos.10

So apparently whatever filtering they're doing isn't as simple as
doing an RBL lookup on any IP found in Received headers. Maybe the
filter is picking up on some part of the
"pool-98-190-153-84.nwrknj.fios.verizon.net" like the "pool-" bit.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
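
Added example, not part of the original thread and not any vendor's code: a sketch contrasting a policy-list check on the connecting host only with the "deep header parsing" described above, where every address in the Received: headers is tested. The listed range, hostnames and addresses (documentation ranges) are constructed, and no DNS query is made.

```python
import email
import ipaddress
import re

# Constructed stand-in for a policy list of dynamic/residential ranges
# (the role the PBL plays in the thread). No DNS lookup is performed.
POLICY_LISTED = [ipaddress.ip_network("203.0.113.0/24")]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def make_message(client_ip):
    """Constructed mail: client submits to its relay, relay delivers to the MX."""
    return (
        "Received: from relay.example.net (relay.example.net [192.0.2.25])\n"
        "\tby mx.example.org with ESMTP; Sat, 30 Apr 2011 11:00:02 -0400\n"
        f"Received: from laptop (unknown [{client_ip}])\n"
        "\tby relay.example.net with ESMTPSA; Sat, 30 Apr 2011 11:00:01 -0400\n"
        "Subject: test\n\nbody\n"
    )

def received_ips(raw):
    """Return the IPv4 addresses of each Received: header, newest hop first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        ips = []
        for text in IPV4.findall(value):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # dotted digits that are not a valid address
        hops.append(ips)
    return hops

def listed(ip):
    return any(ip in net for net in POLICY_LISTED)

def last_hop_verdict(raw):
    """Check only the host that handed the mail over. A real MTA uses the
    TCP peer address; the top Received: header stands in for it here."""
    hops = received_ips(raw)
    return "reject" if hops and hops[0] and listed(hops[0][0]) else "accept"

def deep_verdict(raw):
    """Check every non-RFC 1918 address in every Received: header."""
    for hop in received_ips(raw):
        for ip in hop:
            if not any(ip in net for net in RFC1918) and listed(ip):
                return "reject"
    return "accept"
```

Calling both verdict functions on make_message("203.0.113.84") shows the same mail accepted on the last-hop check and rejected on the deep check, while make_message("10.8.0.6") passes both, matching the RFC 1918 setup quoted above.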