[Mimedefang] Cross-Post about SA Rule RCVD_IN_DYNABLOCK returning false positives

Nels Lindquist nlindq at maei.ca
Thu Oct 2 21:36:00 EDT 2003


On 1 Oct 2003 at 11:29, VonEssen, John wrote:

> Blocking Dialup/DSL IPs of users who run their own local SMTP
> server for spamming... now that's a different story. But that is not
> what DYNABLOCK is doing.

That's exactly what it's *supposed* to be doing--the DYNABLOCK test 
should only kick in for the relay connecting directly to your MTA.  
Any "typical" dynamic IP address holder relaying outbound mail via 
their ISP's MTA shouldn't trigger this test.

However, as your post on SA-Talk explained, yours is a special case 
because you have clients connecting directly to your server.

By what method do you ensure that only your clients can relay through 
your server, though?  I'd expect the easiest way would be to utilize 
SMTP AUTH, and if that's the case, then you could simply avoid 
calling SpamAssassin for your clients' mail in the first place.

Within your mimedefang-filter, check for the presence of the 
appropriate Sendmail macro:

eg:

if (! exists($SendmailMacros{'auth_authen'}) {
    ($hits, $req, $tests, $report) = spam_assassin_check();
}

Or if you're authenticating by IP address, you could use:

if ($RelayAddr !~ /$ClientRelays/) {
    ($hits, $req....
}

> Obviously, I'll just remove the DYNABLOCK test from SA. But like I said,
> the last couple of weeks/months have been very annoying given all these
> RBL issues. I might drop all of them except for a few (ORBD, SpamCop,
> etc.,.) and rely mainly on PYZOR, DCC, and content filters.

If you can avoid running SA for your clients' mail, then you 
shouldn't have to disable *any* tests for non-client mail.  

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.




More information about the MIMEDefang mailing list