No subject
Tue May 4 09:08:51 PDT 2021
dominant-carrier telcos) one guess is that you are 'grandfathered' on a
service package they no longer offer at all.
Hence they *want* those still on it to cancel and upgrade. Denying a
proper RR becomes a tool in that progression, will probably be justified
on the 'obsolete package, no-such feature, end of story', grounds.
BTW: the IP address (63.195.85.27) is not in any "DNS based
blocklist" that I know of. It's not even "classified" as dynamic IP
in any of those. Moreover, there is a PTR record for it (as those who
claim to know something about RFCs could have easily checked.)
ACK - but that is part of the burden you need to get out from under.
Within a dynamic block or not, (SORBS don't list it as such...) that RR
is precisely the sort of RR that *specifies* a dynamic IP not assigned
to any one organization:
adsl-63-195-85-27.dsl.snfc21.pacbell.net
rDNS quite aside, we would catch it in three different acl's on the
'dsl' string match on my servers.
Dunno how Matt is doing it, but suspect a similar tool.
It would be nice if it was possible to configure sendmail to not
block any STARTTLS secure mail regardless of the ip or rDNS of the
sender,
That's not a good idea. Spammers can easily set up TLS.
Not a good idea 'naked' - but while RFC provides wiggle-room w/r whether
one uses TLS, an SSL tunnel, VPN, matching certs, or whatever - RFC and
BCP are quite specific that the relay-submission function (as used by
customer's MUA's) - require valid authentication.
Just for comparison, Exim's flag is tested with simply:
authenticated = *
where the right side *could* be a complex test or a lookup.
But we've already matched to a specific port AND the non-standard
protocol our user community must utilize as well as their UID:GID and
pwd match when we set that flag.
I'm sure sendmail's rule syntax is different, but trust that the same
functionality already exists.
;-)
as you web-page suggests; but to my knowledge, such configuration
of sendmail is quite non-trivial, so most people don't use it. If
you could provide some examples on the web-page where you make this
suggestion, or, better yet, include such examples in the default
configuration file, it would, IMHO, be the best approach to this
problem.
I'll take a look, thanks for the suggestion.
Bill
More information about the Kernel
mailing list