I've tussled with this and eventually I gave up and set up a cheap PC
with FreeBSD that does nothing other than serve authenticated SMTP for
customers.  Obviously it does not run spamassassin.  It relays all mail
(inbound and outbound) to the main server.

The one thing I would advise if you do this is to apply a limit to
the maximum number of message recipients and if you can, rate-limit the
mail. Sooner or later a spammer will discover one of your users'
passwords and they will commence relaying through the server. Also,
I would STRONGLY advise that you block inbound port 25 on this server
and only permit inbound traffic on port 587, the submission port.

Ted

On 12/17/2010 8:28 AM, Aaron Bennett wrote:
Hi,

I've got an issue where users off-campus who are doing authenticated SMTP/TLS 
from home networks are having their mail hit by the PBL.  I have 
trusted_networks set to include the incoming relay,  but still the PBL hits it 
as follows:

Received: from cmail.clarku.edu (muse.clarku.edu [140.232.1.151])
        by mothra.clarku.edu (Postfix) with ESMTP id D4FC2684FEA
        for<re...@clarku.edu>; Tue,  7 Dec 2010 00:11:24 -0500 (EST)
Received: from SENDERMACHINE (macaddress.hsd1.ma.comcast.net
[98.216.185.77])
        by cmail.clarku.edu (Postfix) with ESMTP id 82F21901E48
        for<re...@clarku.edu>; Tue,  7 Dec 2010 00:11:24 -0500 (EST)
From: "USER NAME"<sen...@clarku.edu>

Despite that internal_networks and trusted_networks are set to 140.232.0.0/16, 
the message still triggers the PBL rule.  Given that I know that (unless 
there's a trojaned machine or whatever) I must trust email that comes in over 
authenticated SMTP/TLS through the 'cmail' host, how can I prevent it from 
hitting the PBL?

Thanks,

Aaron

---
Aaron Bennett
Manager of Systems Administration
Clark University ITS
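
The hop analysis behind the question above, as an added example that is not part of either message or of SpamAssassin's code: it walks the two quoted Received headers against the posted trusted_networks value and shows which client IP a DNS blocklist lookup would be made for. Assumptions: a simplified model in which the lookup is skipped only when the trusted relay's header records SMTP AUTH with the RFC 3848 keywords ESMTPA/ESMTPSA; the zone name and the `RECEIVED_AUTH` variant are constructed placeholders.

```python
import ipaddress
import re

# Received headers quoted in the message above, newest first, folding removed.
RECEIVED = [
    "from cmail.clarku.edu (muse.clarku.edu [140.232.1.151]) "
    "by mothra.clarku.edu (Postfix) with ESMTP id D4FC2684FEA",
    "from SENDERMACHINE (macaddress.hsd1.ma.comcast.net [98.216.185.77]) "
    "by cmail.clarku.edu (Postfix) with ESMTP id 82F21901E48",
]
TRUSTED = [ipaddress.ip_network("140.232.0.0/16")]  # trusted_networks from the post
AUTH_PROTOS = {"ESMTPA", "ESMTPSA"}  # RFC 3848 "with" keywords recording SMTP AUTH
ZONE = "dnsbl.example.invalid"       # placeholder zone, not a real blocklist

HOP_RE = re.compile(
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)?\s+by\s+(?P<by>\S+).*?\swith\s+(?P<proto>\S+)")

def parse_hop(header):
    """Return (client IP, receiving host, 'with' protocol) for one header."""
    m = HOP_RE.search(header)
    if m is None:
        raise ValueError("unparseable Received header: " + header)
    return ipaddress.ip_address(m["ip"]), m["by"], m["proto"].upper()

def first_external_hop(headers, trusted=TRUSTED):
    """Walk newest to oldest; return the first hop whose client IP is untrusted."""
    for header in headers:
        ip, by, proto = parse_hop(header)
        if any(ip in net for net in trusted):
            continue  # relay-to-relay hop inside our own network
        return {"ip": str(ip), "received_by": by,
                "authenticated": proto in AUTH_PROTOS}
    return None  # the whole path stayed inside trusted networks

def dnsbl_query(headers, zone=ZONE):
    """Name that would be looked up (IPv4 only), or None if the lookup is skipped."""
    hop = first_external_hop(headers)
    if hop is None or hop["authenticated"]:
        return None
    return ".".join(reversed(hop["ip"].split("."))) + "." + zone

# Constructed variant: same path, but cmail records the hop as authenticated.
RECEIVED_AUTH = [RECEIVED[0], RECEIVED[1].replace("with ESMTP ", "with ESMTPSA ")]

if __name__ == "__main__":
    print(first_external_hop(RECEIVED))  # the home-network client, unauthenticated
    print(dnsbl_query(RECEIVED))         # lookup is made for the client IP
    print(dnsbl_query(RECEIVED_AUTH))    # lookup skipped
```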