Re: compound reject: @senderdomain from right ip?.

From: Ronald F. Guilmette (no email)
Date: Thu Nov 01 2001 - 02:46:25 EST

• Next message: Greg A. Woods: "Re: another interesting spam trick..."
• Previous message: Greg A. Woods: "Re: another interesting spam trick..."
• Next in thread: Andy: "Telling postfix to pass mail along to another smtp server"
• Reply: Andy: "Telling postfix to pass mail along to another smtp server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

In message <>,
Meng Weng Wong <> wrote:

>On Wed, Oct 31, 2001 at 11:12:57AM -0800, Ronald F. Guilmette wrote:
>|
>| If you intend to use this feature (sender/client domain validation) then you
>| may perhaps also want the list of envelope sender domains that I am currentl
>y
>| applying this kind of ``validation'' to. If so, please see:
>|
>| http://www.monkeys.com/anti-spam/filtering/lists.html
>|
>
>While this patch answers an important need, administrators
>who choose to enable it should be aware that if your users
>have .forward at other locations this patch will break that
>forwarding.

Only if the original envelope sender domain is on the restriction list
(e.g. hotmail.com, yahoo.com, etc.)

But yes, you're right. If some perfectly legitimate Hotmail user, say
<>, sends e-mail to one of pobox.com's forwarding
mail accounts, say <>, and if that has been configured
to forward all mail sent to <> to some other user & site,
say <> and if the postmaster @ spam-adverse.org
is using my anti-forgery stuff, then yes the incoming (forwarded) mail
would get blocked, because it carries an envelope sender domain of hotmail.com
but it appears to be coming into spam-adverse.org from a server whose inverse
DNS puts it in the (non-matching) pobox.com domain.

>I would like to request that any sites which implement this
>patch should include an explicit allow for pobox.com client
>hosts so that mail forwarding to our mutual users doesn't
>get fubared.

Ths simplest solution to this problem is one that you are sure not to like...
just don't use forwarding services. But the more pragmatic and workable
solution is in fact exactly what you suggested, i.e. making a special,
overriding (whitelist) exception for domains such as pobox.com.

>before your sender/client restriction, put a
>check_client_access map that says pobox.com OK.

Right. I agree that that would be a Good Idea.

The same also goes for other such forwarding services, e.g. bigfoot.com,
netforward.com, usa.com, tripod.com (?), and the others. (There aren't
really very many of these.)

As you said, this should be an adjustment to smtpd_client_restrictions.
                                                   ^^^^^^
-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users

• Next message: Greg A. Woods: "Re: another interesting spam trick..."
• Previous message: Greg A. Woods: "Re: another interesting spam trick..."
• Next in thread: Andy: "Telling postfix to pass mail along to another smtp server"
• Reply: Andy: "Telling postfix to pass mail along to another smtp server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]