Dave Funk wrote:
> 
> >>>I have the following rule in local.cf:
> >>>whitelist_from_rcvd [EMAIL PROTECTED] dtdm.tomsk.ru
> 
> >>>[snip..]
> 
> >>>Received: from mail.sibptus.tomsk.ru [212.73.124.5]
> >>>       by admin.sibptus.tomsk.ru with POP3 (fetchmail-6.3.8)
> >>>       for <[EMAIL PROTECTED]> (single-drop); Tue, 08 Apr 2008
> >>>15:08:02 +0700 (OMSST)
> >>>Received: from gw.dtdm.tomsk.ru ([213.183.100.11] verified)
> >>> by relay2.tomsk.ru (CommuniGate Pro SMTP 5.1.13)
> >>> with ESMTPS id 9838562 for [EMAIL PROTECTED]; Tue, 08 Apr 2008
> >>>15:05:54 +0700
> >>
> >>That rule does not match the host in the Received: header.  The host
> >>shows up as an IP address.
> >
> >No, the host shows up as "gw.dtdm.tomsk.ru" which matches "dtdm.tomsk.ru".
> 
> To prevent forgeries from exploiting whitelist_from_rcvd SA checks
> the DNS reverse -and- forward maps of the IP address in the Received:
> header. If they do not match the domain specified in the 
> whitelist_from_rcvd rule it does not apply.
> 
> Your IP address in that header, [213.183.100.11], has a DNS reverse map
> of dtu.net.tomline.ru which does -NOT- match the domain dtdm.tomsk.ru
> in your rule thus SA will not accept that for whitelist_from_rcvd.

OK, this was a poor example. Here is a better one. Let's start anew :)

The rule is
whitelist_from_rcvd [EMAIL PROTECTED] mncs.tomsk.ru

The relay is mncs.tomsk.ru, as you see, whose forward and reverse DNS
mapping is correct.

Why does the rule not work with the message below?

=================================================

>From [EMAIL PROTECTED]  Thu Mar 27 14:13:24 2008
X-Virus-Scanned: by clamd daemon 0.91.2 for FreeBSD at relay2.tomsk.ru
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on meow.tomsk.su
X-Spam-Level: ***
X-Spam-Status: No, score=3.4 required=5.0 tests=AWL,BAYES_50,HTML_MESSAGE,
        MIME_HTML_MOSTLY,MISSING_SUBJECT,TVD_SPACE_RATIO autolearn=no
        version=3.2.4
Return-Path: <[EMAIL PROTECTED]>
Received: from mncs.tomsk.ru ([212.73.124.135] verified)
  by relay2.tomsk.ru (CommuniGate Pro SMTP 5.1.13)
  with ESMTP id 9786656 for [EMAIL PROTECTED]; Thu, 27 Mar 2008 15:08:17 +0600
Received: from w2kermolovichi (w2kermolovichi.tom.transneft.ru [10.65.2.125])
        by mncs.tomsk.ru (8.13.4/8.13.4) with SMTP id m2R97s5f024889
        for <[EMAIL PROTECTED]>; Thu, 27 Mar 2008 15:07:54 +0600
Message-ID: <[EMAIL PROTECTED]>
From: =?koi8-r?B?6cfP0tggIOXSzc/Mz9fJ3g==?= <[EMAIL PROTECTED]>
To: =?koi8-r?B?68HC2dvF1yDyz83BziDuycvPzMHF18ne?= <[EMAIL PROTECTED]>
Subject: 
Date: Thu, 27 Mar 2008 12:08:01 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_003D_01C89003.3466C0B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1914
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1914
X-Virus-Scanned: ClamAV 0.92/6404/Thu Mar 27 01:31:21 2008 on mncs.tomsk.ru
X-Virus-Status: Clean
X-Spam-Status: No, score=-102.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,
        HTML_MESSAGE,MIME_HTML_MOSTLY,MISSING_SUBJECT,TVD_SPACE_RATIO,
        USER_IN_WHITELIST autolearn=no version=3.2.3
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on mncs.tomsk.ru


=================================================

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:[EMAIL PROTECTED]
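
The reverse-and-forward DNS check described in the quoted reply, as an added example that is not part of the original message and is not SpamAssassin's own code. The lookup tables are constructed so it runs offline: the PTR for 213.183.100.11 is the one quoted in the reply, the other entries are assumed from the posters' statements, and all function names are hypothetical.

```python
import re

# Constructed stand-ins for live DNS (assumptions, see lead-in).
PTR = {"213.183.100.11": "dtu.net.tomline.ru",   # reverse map quoted in the thread
       "212.73.124.135": "mncs.tomsk.ru"}        # assumed: poster says rDNS is correct
A = {"dtu.net.tomline.ru": ["213.183.100.11"],   # assumed forward record
     "mncs.tomsk.ru": ["212.73.124.135"]}        # assumed forward record

# Received: headers as they appear in the two messages in the thread.
HDR_1 = "from gw.dtdm.tomsk.ru ([213.183.100.11] verified) by relay2.tomsk.ru"
HDR_2 = "from mncs.tomsk.ru ([212.73.124.135] verified) by relay2.tomsk.ru"

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ip(received):
    """Return the bracketed IPv4 address of the connecting relay, or None."""
    m = BRACKETED_IP.search(received)
    return m.group(1) if m else None

def in_domain(host, domain):
    """Match the domain itself or a subdomain, only on a label boundary."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def fcrdns_name(ip, ptr=PTR, fwd=A):
    """Return the PTR name only if its forward lookup contains the same IP.

    The HELO name in the header is sender-controlled and is never consulted.
    """
    name = ptr.get(ip)
    if name and ip in fwd.get(name, []):
        return name
    return None

def rcvd_domain_ok(received, domain, ptr=PTR, fwd=A):
    """True if the relay's forward-confirmed rDNS name falls under domain."""
    ip = relay_ip(received)
    name = fcrdns_name(ip, ptr, fwd) if ip else None
    return bool(name) and in_domain(name, domain)

if __name__ == "__main__":
    print(rcvd_domain_ok(HDR_1, "dtdm.tomsk.ru"))   # HELO matches, rDNS does not
    print(rcvd_domain_ok(HDR_2, "mncs.tomsk.ru"))   # rDNS confirmed and in domain
```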