On Wed, 9 Apr 2008, Victor Sudakov wrote:
SM wrote:
At 22:02 08-04-2008, Victor Sudakov wrote:
I have the following rule in local.cf:
whitelist_from_rcvd [EMAIL PROTECTED] dtdm.tomsk.ru
[snip..]
Received: from mail.sibptus.tomsk.ru [212.73.124.5]
by admin.sibptus.tomsk.ru with POP3 (fetchmail-6.3.8)
for <[EMAIL PROTECTED]> (single-drop); Tue, 08 Apr 2008
15:08:02 +0700 (OMSST)
Received: from gw.dtdm.tomsk.ru ([213.183.100.11] verified)
by relay2.tomsk.ru (CommuniGate Pro SMTP 5.1.13)
with ESMTPS id 9838562 for [EMAIL PROTECTED]; Tue, 08 Apr 2008
15:05:54 +0700
That rule does not match the host in the Received: header. The host
shows up as an IP address.
No, the host shows up as "gw.dtdm.tomsk.ru" which matches "dtdm.tomsk.ru".
To prevent forgeries from exploiting whitelist_from_rcvd SA checks
the DNS reverse -and- forward maps of the IP address in the Received:
header. If they do not match the domain specified in the
whitelist_from_rcvd rule it does not apply.
Your IP address in that header, [213.183.100.11], has a DNS reverse map
of dtu.net.tomline.ru which does -NOT- match the domain dtdm.tomsk.ru
in your rule thus SA will not accept that for whitelist_from_rcvd.
You have two choices, either get 213.183.100.11 to DNS map to
gw.dtdm.tomsk.ru or use some other whitelist method such as
whitelist_from_spf (which will work as there are matching SPF
records published for dtdm.tomsk.ru)
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
