[GLLUG] SMTP HELO/Spam Question

Brad Fears brad at tricountywebdesign.com
Thu Sep 30 10:42:34 EDT 2004


But that still doesn't explain why I can send a test message from Hotmail
from the same dialup IP and it goes through fine.  I would assume that
spamassassin is checking the same connecting IP regardless of which mail
server I'm sending from.  I have to assume that the Hotmail server is
either concealing that connecting IP or changing it somehow.

--Brad Fears


> On Thu, 30 Sep 2004, Brad Fears wrote:
>
>> We have a qmail smtp implementation for our outgoing mail, which has been
>> working very well for more than a year now.  However, I sent an email to
>> myself last evening and noticed that it went straight to my spam folder
>> (ala spamassassin).  Upon investigation, I found the reason to be that the
>> dial up connection I was using through MSU was listed in SORBS, DYNABLOCK,
>> DSBL, etc.
>>
>> I checked the email headers, and the HELO command from the SMTP server
>> reflected the local dialup IP address rather than that of the mail server
>> sending the mail.  I sent a test message from Hotmail to see the results
>> of the HELO command again, and it reflected "hotmail.com" rather than my
>> dialup IP, which (I assume) is the reason that spamassassin lets it go
>> right through.  Does anyone know how to configure qmail-smtpd so it will
>> send my mail server's IP rather than my dialup IP?  I have relaying
>> limited to localhost for Squirrelmail, if that has anything to do with it.
>
> The dnsbl's don't block on HELO names, as you can put whatever you'd like
> for it, and spammers do.  Frequently, they put in the hostname or IP of
> your mail server.  Instead, the IP of the connecting machine is checked
> against the dnsbl's.  spamassassin probably looks at Received header lines
> and queries the blacklists.
>
> At least some of the blacklists simply keep track of dialup ranges, and
> block solely based on that.  You could stop using the dialup lists or give
> them a lower point value, or whitelist your own IP range.  You could
> whitelist by From address or helo name, but that is very susceptible to
> forgery.
>
> --
> Sometimes the garbage disposal gods demand a spoon
> ()  The ASCII Ribbon Campaign against HTML Email,
> /\  vCards, and proprietary formats.
>   http://www.georgedillon.com/web/html_email_is_evil.shtml
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://www.egr.msu.edu/mailman/listinfo/linux-user
>
>


Brad Fears
Tri-County Web Design, LLC
http://www.tricountywebdesign.com
(517) 712-6668
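
Added example, not part of the original thread: a sketch of the check the quoted reply describes, where each Received line's connecting IP (not its HELO name) is turned into a DNSBL query name. The headers, addresses and the zone `dul.dnsbl.example` are constructed placeholders, and the `listed` set stands in for a live DNS lookup so the code runs offline.

```python
import re
from email import message_from_string

# qmail-smtpd writes: from <rdns> (HELO <name>) (<connecting ip>)
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
)

ZONE = "dul.dnsbl.example"  # placeholder zone, not a real blacklist

# Constructed sample: a dialup client submits to mail.example.org,
# which then delivers to mx.example.net (newest header first).
SAMPLE = """\
Received: from unknown (HELO mail.example.org) (192.0.2.77)
  by mx.example.net with SMTP; 30 Sep 2004 14:40:01 -0000
Received: from unknown (HELO 198.51.100.23) (198.51.100.23)
  by mail.example.org with SMTP; 30 Sep 2004 14:39:58 -0000
From: user@example.org
Subject: test

body
"""

def relay_hops(raw):
    """Return (helo, connecting_ip) for every parseable Received header."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        # Unfold the continuation lines before matching.
        m = RECEIVED_RE.search(" ".join(value.split()))
        if m:
            hops.append((m.group("helo"), m.group("ip")))
    return hops

def dnsbl_name(ip, zone):
    """DNSBL convention: reversed IPv4 octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def check_hops(raw, zone, listed):
    """Flag hops whose connecting IP is listed; the HELO name is never consulted.

    `listed` is a set of query names treated as resolving (assumption: a
    live check would do an A-record lookup on each name instead).
    """
    return [(helo, ip, dnsbl_name(ip, zone) in listed)
            for helo, ip in relay_hops(raw)]

if __name__ == "__main__":
    for hop in check_hops(SAMPLE, ZONE, {dnsbl_name("198.51.100.23", ZONE)}):
        print(hop)
```

The dialup hop is flagged from the address the receiving server recorded, whatever string the client put in HELO.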

