
Mailing List Archive: exim: users

IP header checking for real time blacklist

 

 



kebba.foon at qcell

Nov 28, 2011, 5:37 AM

Post #1 of 6 (351 views)
IP header checking for real time blacklist

Dear list,

I have been having an issue/concern with my mail server setup. Because
MUAs like Outlook send along the IP of the originating client machine, my
server tends to check this IP against the RBL sites, which I feel is not
right; the checking has to be done on the outgoing mail server IP and not
the client sending the email. Recently I have been having similar
issues with the state.gov servers: I can send emails without problems
from my mail server, but some of our clients whose IPs have been
blacklisted cannot send emails to the same domain while their outgoing
mail server is configured to use my mail server.

Well, some of you might say why not ask the clients to clean their
systems. This will be much too difficult, as we are an ISP with hundreds
of clients and most of these IPs are behind huge NATed networks; you can't
just tell them to "clean their network".

I will be happy if there is a way to strip off the client IP on my server
before further transmission to the destination mail server. This way I will
have only the trouble of making sure my server is not blacklisted
anywhere.

Thanks
Kebba



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


david at ols

Nov 28, 2011, 7:04 AM

Post #2 of 6 (330 views)
Re: IP header checking for real time blacklist

Hi

The problem gets amplified when users have dynamic IP addresses and such
servers are blocking clean users. You can use this to avoid publishing
your users' IP addresses:

# Show the connecting host (and its IP) only for unauthenticated senders;
# for authenticated senders show the ident or authenticated id instead.
received_header_text = Received: \
${if and {{def:sender_rcvhost}{!def:authenticated_id}}\
{from $sender_rcvhost\n\t}\
{\
${if def:sender_ident {from ${quote_local_part:$sender_ident} }{\
${if def:authenticated_id {from ${quote_local_part:$authenticated_id} }}\
}}\
${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}\
}\
}\
by $primary_hostname \
${if def:received_protocol {with $received_protocol}} \
${if def:tls_cipher {($tls_cipher)\n\t}}\
(Exim $version_number)\n\t\
${if def:sender_address \
{(envelope-from <$sender_address>)\n\t}}\
id $message_exim_id\
${if def:received_for {\n\tfor $received_for}}


> Dear list,
>
> I have been having an issue/concern with my mail server setup. Because
> MUAs like Outlook send along the IP of the originating client machine, my
> server tends to check this IP against the RBL sites, which I feel is not
> right; the checking has to be done on the outgoing mail server IP and not
> the client sending the email. Recently I have been having similar
> issues with the state.gov servers: I can send emails without problems
> from my mail server, but some of our clients whose IPs have been
> blacklisted cannot send emails to the same domain while their outgoing
> mail server is configured to use my mail server.
>
> Well, some of you might say why not ask the clients to clean their
> systems. This will be much too difficult, as we are an ISP with hundreds
> of clients and most of these IPs are behind huge NATed networks; you can't
> just tell them to "clean their network".
>
> I will be happy if there is a way to strip off the client IP on my server
> before further transmission to the destination mail server. This way I will
> have only the trouble of making sure my server is not blacklisted
> anywhere.
>
> Thanks
> Kebba
>
>
>


--
Salu-2 y hasta pronto ...

----------------------------------------------------------------
David Saez
On-Line Services 2000 S.L.
http://www.ols.es
----------------------------------------------------------------






graeme at graemef

Nov 28, 2011, 8:01 AM

Post #3 of 6 (333 views)
Re: IP header checking for real time blacklist

On Mon, 2011-11-28 at 13:37 +0000, Kebba Foon wrote:
> Well, some of you might say why not ask the clients to clean their
> systems. This will be much too difficult, as we are an ISP with hundreds
> of clients and most of these IPs are behind huge NATed networks; you can't
> just tell them to "clean their network".

Yes you can. Many do.

> I will be happy if there is a way to strip off the client IP on my server
> before further transmission to the destination mail server. This way I will
> have only the trouble of making sure my server is not blacklisted
> anywhere.

If you strip the Received: headers from the emails traversing your
system then all emails will appear to have originated on your system
itself. That means you are *more likely* to end up being blacklisted as
the only originating information will be yours.

Think about it: if you have clients who are irresponsibly pumping
malware through your gateways, and you hide the originator, your gateway
will appear to be the source.

Yes, you can tell them to clean their networks.

Graeme




kebba.foon at qcell

Nov 28, 2011, 8:29 AM

Post #4 of 6 (330 views)
Re: IP header checking for real time blacklist

On Mon, 2011-11-28 at 16:01 +0000, Graeme Fowler wrote:
> On Mon, 2011-11-28 at 13:37 +0000, Kebba Foon wrote:
> > Well, some of you might say why not ask the clients to clean their
> > systems. This will be much too difficult, as we are an ISP with hundreds
> > of clients and most of these IPs are behind huge NATed networks; you can't
> > just tell them to "clean their network".
>
> Yes you can. Many do.
>
I guess I can, but these customers are really not technical; they just
want to get their mails sent. Explaining the situation to them will be
like teaching rocket science to a kindergarten.

> > I will be happy if there is a way to strip off the client IP on my server
> > before further transmission to the destination mail server. This way I will
> > have only the trouble of making sure my server is not blacklisted
> > anywhere.
>
> If you strip the Received: headers from the emails traversing your
> system then all emails will appear to have originated on your system
> itself. That means you are *more likely* to end up being blacklisted as
> the only originating information will be yours.
>
That's not something I have considered, but if I can run a spam/virus scan
on outgoing mails maybe this will reduce this problem. I understand that
will also cause a lot of load on my servers, but at least I will not
receive disturbing mails pointing out how inefficient my system is.

> Think about it: if you have clients who are irresponsibly pumping
> malware through your gateways, and you hide the originator, your gateway
> will appear to be the source.
>
Well, normally I ask our ISP team to block SMTP to all other destinations
except our mail servers and usually ask the customer to get professional
help on cleaning their system.

> Yes, you can tell them to clean their networks.
>
> Graeme
>
>
Kebba




daniel at pocos

Nov 28, 2011, 10:15 AM

Post #5 of 6 (329 views)
Re: IP header checking for real time blacklist

On Monday 28 November 2011 17:29:17 Kebba Foon wrote:
> That's not something I have considered, but if I can run a spam/virus scan
> on outgoing mails maybe this will reduce this problem. I understand that
> will also cause a lot of load on my servers, but at least I will not
> receive disturbing mails pointing out how inefficient my system is.

My solution is to have clients route their MTA through an asmtp server which
is running SpamAssassin to block obvious spam. To avoid this mail getting
blacklisted if their external IP address gets listed, I remove the Received
headers on forwarding in the remote_smtp transport:

remote_smtp:
driver = smtp
headers_remove = "Received"

Malware doesn't appear to be smart enough to use a client's MTA, so it tries to
deliver mail directly to targets (which of course should be firewalled
anyway). So when they start spamming, their IP gets listed but legitimate mail
still gets through. My asmtp server has never been blacklisted so far.

--

POCOS B.V. - Croy 9c - 5653 LC Eindhoven
Telefoon: 040 293 8661 - Fax: 040 293 8658
http://www.pocos.nl/ - http://www.sipo.nl/
K.v.K. Eindhoven 17097024



kebba.foon at qcell

Nov 29, 2011, 12:36 AM

Post #6 of 6 (330 views)
Re: IP header checking for real time blacklist

On Mon, 2011-11-28 at 16:04 +0100, David Saez Padros wrote:
> Hi
>
> The problem gets amplified when users have dynamic IP addresses and such
> servers are blocking clean users. You can use this to avoid publishing
> your users' IP addresses:
>
> received_header_text = Received: \
> ${if and {{def:sender_rcvhost}{!def:authenticated_id}}\
> {from $sender_rcvhost\n\t}\
> {\
> ${if def:sender_ident {from ${quote_local_part:$sender_ident} }{\
> ${if def:authenticated_id {from ${quote_local_part:$authenticated_id} }}\
> }}\
> ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}\
> }\
> }\
> by $primary_hostname \
> ${if def:received_protocol {with $received_protocol}} \
> ${if def:tls_cipher {($tls_cipher)\n\t}}\
> (Exim $version_number)\n\t\
> ${if def:sender_address \
> {(envelope-from <$sender_address>)\n\t}}\
> id $message_exim_id\
> ${if def:received_for {\n\tfor $received_for}}
>
>
Thanks David, I will try to implement your suggestion on my test mail
server and see how things work out.

> > Dear list,
> >
> > I have been having an issue/concern with my mail server setup. Because
> > MUAs like Outlook send along the IP of the originating client machine, my
> > server tends to check this IP against the RBL sites, which I feel is not
> > right; the checking has to be done on the outgoing mail server IP and not
> > the client sending the email. Recently I have been having similar
> > issues with the state.gov servers: I can send emails without problems
> > from my mail server, but some of our clients whose IPs have been
> > blacklisted cannot send emails to the same domain while their outgoing
> > mail server is configured to use my mail server.
> >
> > Well, some of you might say why not ask the clients to clean their
> > systems. This will be much too difficult, as we are an ISP with hundreds
> > of clients and most of these IPs are behind huge NATed networks; you can't
> > just tell them to "clean their network".
> >
> > I will be happy if there is a way to strip off the client IP on my server
> > before further transmission to the destination mail server. This way I will
> > have only the trouble of making sure my server is not blacklisted
> > anywhere.
> >
> > Thanks
> > Kebba
> >
> >
> >
>
>
> --
> Salu-2 y hasta pronto ...
>
> ----------------------------------------------------------------
> David Saez
> On-Line Services 2000 S.L.
> http://www.ols.es
> ----------------------------------------------------------------
>
>
>
>
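
A way to check on a test server what a relayed message still discloses, given here as an added example that is not part of the thread or of Exim: the Python function below lists every address literal found in the from-clause of a message's Received: headers. The sample messages, host names and addresses are constructed; the second and third follow the header layout that the received_header_text setting from post #2 produces for an authenticated sender.

```python
import email
import ipaddress
import re

# Bracketed address literal as written in a Received: from-clause, e.g. [192.0.2.10]
IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def disclosed_ips(raw_message, relay_ips=()):
    """Return [(hop, ip)] for each address in a Received: from-clause that is
    not one of the relay's own addresses. Hop 0 is the topmost header."""
    relay = {ipaddress.ip_address(ip) for ip in relay_ips}
    found = []
    msg = email.message_from_string(raw_message)
    for hop, value in enumerate(msg.get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        from_clause = re.split(r"(?:^|\s)by\s", text, maxsplit=1)[0]
        for literal in IP_LITERAL.findall(from_clause):
            try:
                ip = ipaddress.ip_address(literal)
            except ValueError:
                continue  # bracketed text that is not an address
            if ip not in relay:
                found.append((hop, str(ip)))
    return found

def sample_message(from_clause):
    """Build a constructed test message around one Received: from-clause."""
    return (
        "Received: " + from_clause + "\n"
        "\tby mail.example.org with esmtpa (Exim 4.76)\n"
        "\t(envelope-from <user@example.org>)\n"
        "\tid 1RV0aB-0001Cd-Ef\n"
        "\tfor rcpt@example.com; Mon, 28 Nov 2011 13:37:00 +0000\n"
        "From: user@example.org\nTo: rcpt@example.com\nSubject: test\n\nbody\n"
    )

# Constructed samples (documentation and private-range addresses, not real hosts).
DEFAULT_STYLE = sample_message("from client.example.net ([203.0.113.45] helo=[192.168.1.20])")
AUTH_STYLE = sample_message("from user (helo=clientpc)")
# The template still writes helo=...; a client greeting with an address literal shows up.
AUTH_HELO_LITERAL = sample_message("from user (helo=[192.168.1.20])")

if __name__ == "__main__":
    for name in ("DEFAULT_STYLE", "AUTH_STYLE", "AUTH_HELO_LITERAL"):
        print(name, disclosed_ips(globals()[name]))
```

A message sent through a transport with headers_remove = "Received" has no Received: headers left, so the function returns an empty list for it.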


