On Thu, 17 Jul 2003, Tony Earnshaw wrote:
> David B Funk wrote:
>
> > For example, in the attached message the source was an AOL
> > dialup "AC826956.ipt.aol.com [172.130.105.86]" which hit
> > 6 RBLs ;() (with 'dnsbl.njabl.org' being added TWICE).
>
> You don't seem to be studying what is reported in the 2 NJABL evals with
> enough attention. They are both about different things.
> RCVD_IN_NJABL_DIALUP is complaining that 172.130.105.86 did not send
> smtp mail via its ISP, AOL, which many mail servers insist on for most
> dynamically allocated dialup IP numbers - since their source can not be
> verified - and many spammers use them for that reason.
OK, I'm sorry I wasn't clear enough about the environment. The AOL client
was using a web browser (HTTP not SMTP) to sent the message, via a
webmail (HTTP-2-IMAP/SMTP) gateway (running 'IMP'). I understand about
requiring dial-up clients using their ISP for SMTP transactions, but this
was HTTP.
AOL-client (HTTP) => webmail gateway.
webmail gateway (SMTP) => campus SMTP server...
Thus that first hop should NOT have been tagged as violating the DIALUP
restrictions.
If you look closely at the headers, you'll see that the first
'Received:' header is tagged as using HTTP (not SMTP) protocol.
Received: from localhost (webmail2-maint.its.uiowa.edu [128.255.56.154])
by day.its.uiowa.edu (8.12.9/8.12.9/ns-mx-1.14) with ESMTP id h6H21naK015350;
Wed, 16 Jul 2003 21:01:49 -0500
Received: from AC826956.ipt.aol.com (AC826956.ipt.aol.com [172.130.105.86])
by webmail2.its.uiowa.edu (IMP) with HTTP
for <[EMAIL PROTECTED]>; Wed, 16 Jul 2003 21:01:49 -0500
I realize that this is a rather unusual kind of header to find in a
mail transaction, but it is a correct usage of the protocol.
I would like to be able to use the DIALUP RBLs for catching SMTP
violators, but that IMP webmail gateway is a very popular thing
on our campus and heavily used.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
