Bowie Bailey wrote:
> It's definitely coming from an external network.
> Yes, I understand that your servers are separated in different IP
> blocks and in different facilities, but that is irrelevant. When I
> say that the email is coming from an external network, what I mean is
> that it is originating from a server that is not in your
> trusted_networks list.
> All of the servers that you control should be listed in
> trusted_networks. This tells SA that it can trust the headers coming
> from them and trust them not to originate spam.
OK. Now we're on the same page. I had misunderstood the definition of
"local" as "the same IP block", rather than "the group of trusted servers".
> I can understand not wanting to post email addresses, but IP addresses
> are not private information in most cases.
I can redo this with live data that shows real data that I'm comfortable
with disclosing. See below.
> As noted by Matt Kettler, whitelist_from is very dangerous for exactly
> that reason. Don't use it.
Makes sense. That's the point of the exercise. Now I just need to get
the mechanics working.
> The solution to the problem depends on exactly what you want to
> accomplish.
> If you want the email to bypass scanning completely, then that needs
> to be addressed outside of SA. Once a message is passed to SA, it
> WILL be scanned -- there is no method to prevent it.
> If you want to avoid local mail being marked as spam, this can be done
> in SA with a combination of settings.
For this, I don't need to bypass SA scanning, but it would be an
alternate path.
> trusted_networks
> internal_networks
> whitelist_from_rcvd
> The bottom line is that there is no way to prevent an email from being
> scanned once it gets to SA, but you can take steps to prevent it from
> being marked as spam.
That's not a problem. The real issue is making sure that we don't trust
forged From: lines.
> Also, SA doesn't care how widely scattered your MXs are as long as it
> knows who they are. Don't think of it as multiple separate networks
> containing mailservers, think of it as a single logical network
> containing all of the mailservers you control.
OK. That's exactly where I want to go.
From there, I've done more tinkering, but still not getting the results
I want. Another try on raw data.
Starting with settings in sa-mimedefang.cf:
# IP addresses of trusted hosts -- use these instead of whitelisting our domains
trusted_networks 68.99.120.79
internal_networks
whitelist_from_rcvd [EMAIL PROTECTED] lakecmmtao05.coxmail.com
I hadn't had a setting for internal_networks, but reading the man
definition, it seems worth putting it there with a null definition.
From there, I generated a message that was delivered with the following
relevant headers:
Received: from lakecmmtao05.coxmail.com (lakecmmtao05.coxmail.com
[68.99.120.79] )
by pulsar.lfa.com (8.13.1/8.13.1) with ESMTP id j8NJ4Oxs027324
for <[EMAIL PROTECTED]>; Fri, 23 Sep 2005 12:04:25 -0700
Received: from [192.168.1.100] (really [24.249.175.230])
by lakecmmtao05.coxmail.com
(InterMail vM.6.01.05.02 201-2131-123-102-20050715) with ESMTP
id <[EMAIL PROTECTED]>
for <[EMAIL PROTECTED]>; Fri, 23 Sep 2005 15:04:19 -0400
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 23 Sep 2005 12:03:32 -0700
From: NFN Smith <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [SPAM: 7.737] Spam test #6
X-Spam-Status: Yes
X-Spam-Score: 7.737 (*******) (required=4) tests=BLANK_LINES_70_80,CLICK_BELOW,EXCUSE_3,FREE_CONSULTATION,MAILTO_TO_REMOVE,NO_OBLIGATION,ONE_TIME_MAILING,REMOVE_IN_QUOTES,REMOVE_SUBJ,RISK_FREE
X-Scanned-By: MIMEDefang 2.44
Thus, I sent a message through a coxmail.com server, showing the
sacbeemail.com address in the From: line (a combination I want to trust,
at least for testing purposes), and addressed to [EMAIL PROTECTED]. The
target machine is lfa.com.
Relevant log entries show:
Sep 23 12:04:25 pulsar sendmail[27324]: j8NJ4Oxs027324: from=<[EMAIL PROTECTED]>, size=1607, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=lakecmmtao05.coxmail.com [68.99.120.79]
Sep 23 12:04:26 pulsar mimedefang.pl[27269]: MDLOG,j8NJ4Oxs027324,spam,7.737,68.99.120.79,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,Spam test #6
Sep 23 12:04:26 pulsar sendmail[27324]: j8NJ4Oxs027324: Milter change: header Subject: from Spam test #6 to [SPAM: 7.737] Spam test #6
Sep 23 12:04:26 pulsar sendmail[27324]: j8NJ4Oxs027324: Milter add: header: X-Scanned-By: MIMEDefang 2.44
Sep 23 12:04:26 pulsar sendmail[27328]: j8NJ4Oxs027324: to=<[EMAIL PROTECTED]>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=33885, dsn=2.0.0, stat=Sent
Thus, in the results that I'm getting, I don't have something quite
right in the combination of definitions between trusted_networks and
whitelist_from_rcvd. From what I've figured out so far, I seem to be
close, but I'm missing something small.
Thanks for your patience as I figure this out.
Regards,
Smith
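
Added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of how the trusted_networks setting decides which Received hop whitelist_from_rcvd is compared against, run on the two relays from the headers above. It assumes the rule is checked against the first relay outside trusted_networks; the sender address and 192.0.2.10 (standing in for the receiving server's own address) are constructed placeholders.

```python
import ipaddress
from fnmatch import fnmatchcase

# Relays parsed from the two Received headers in the message, newest first:
# (reverse-DNS name or None, connecting IP).
RELAYS = [
    ("lakecmmtao05.coxmail.com", "68.99.120.79"),
    (None, "24.249.175.230"),  # "[192.168.1.100] (really [24.249.175.230])"
]
# Constructed stand-in for the redacted From: address.
SENDER = "sender@example.org"
ENTRIES = [(SENDER, "lakecmmtao05.coxmail.com")]  # whitelist_from_rcvd pairs


def first_untrusted(relays, trusted_networks):
    """Walk the relay chain newest-first; return the first hop whose IP
    is not covered by trusted_networks (the trust boundary), or None."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for rdns, ip in relays:
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            return rdns, ip
    return None


def whitelist_from_rcvd_hits(sender, relays, trusted_networks, entries):
    """Assumed rule: the sender must match AND the boundary relay's rDNS
    must equal, or be a subdomain of, the entry's relay name."""
    boundary = first_untrusted(relays, trusted_networks)
    if boundary is None or boundary[0] is None:
        return False  # no untrusted hop, or that hop has no rDNS to compare
    rdns = boundary[0].lower()
    for addr_glob, relay in entries:
        relay = relay.lower()
        if fnmatchcase(sender.lower(), addr_glob.lower()) and (
            rdns == relay or rdns.endswith("." + relay)
        ):
            return True
    return False


if __name__ == "__main__":
    # The posted setting, then a constructed placeholder (192.0.2.10) standing
    # in for the receiving server's own address, which is not on the page.
    for trusted in (["68.99.120.79"], ["192.0.2.10"]):
        print(trusted, first_untrusted(RELAYS, trusted),
              whitelist_from_rcvd_hits(SENDER, RELAYS, trusted, ENTRIES))
```

In this model, listing 68.99.120.79 as trusted moves the boundary to the 24.249.175.230 hop, which carries no reverse-DNS name to compare with lakecmmtao05.coxmail.com.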