Am 2008-06-27 08:17:11, schrieb Richard Frovarp:
The list is setup without a reply to field. Look at the headers. Anyone
hitting reply will get the individual who sent who sent the message, not
the list. I'm guessing people are taking the shortcut of hitting reply
all (so that they get the
Matus UHLAR - fantomas wrote:
... and I thought I explained it in the sentence before. Since DNS lookup is
not made by MTA and SA expects it to be, the case where the RDNS is not in Received:
is taken as there is not rdns. Since there is verison's HELO but not RDNS,
it's
Matus UHLAR - fantomas wrote:
[snip]
IIRC there was already case provided when MTA didn' dns lookup so it was
made to be done via SA (and afaik SA did it before). If my memory is
correct, this would be just another case
(sorry, no time to search archives/bugs/google by now)
yes, it is
Matus UHLAR - fantomas wrote:
IIRC there was already case provided when MTA didn' dns lookup so it was
made to be done via SA (and afaik SA did it before). If my memory is
correct, this would be just another case
(sorry, no time to search archives/bugs/google by now)
On 29.06.08 16:04, mouss
Matt Kettler wrote:
[snip]
if so that fake helo should not be fake :=)
Well, it shouldn't be fake, because 206.46.173.3 really is
vms173003pub.verizon.net.
However, it would appear that athena.apache.orgdidn't get an answer to
its PTR querry.. either that or the
Jo, didn't you get your answer several times now? I don't understand
why this thread continues.
Jo Rhett wrote:
On Jun 25, 2008, at 6:34 PM, Benny Pedersen wrote:
then stop cc me
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
tests=FM_FAKE_HELO_VERIZON,SPF_PASS
X-Spam-Check-By:
Agreed! Guys, please take it offline. The SpamAssassin users list is
not an appropriate place for this.
--j.
Rubin Bennett writes:
Fer the love of Pete guys, take this offline. This has *nothing* to do
with SpamAssassin other than making me wish my system would toss this
whole damn
Matt Kettler wrote:
[snip]
if so that fake helo should not be fake :=)
Well, it shouldn't be fake, because 206.46.173.3 really is
vms173003pub.verizon.net.
However, it would appear that athena.apache.orgdidn't get an answer to
its PTR querry.. either that or the headers generated by
Benny Pedersen wrote:
On Fri, June 27, 2008 03:09, Jo Rhett wrote:
Personal attacks are not relevant to the topic.
hmm
AppleMail is the only mua i have seen that cant make a reply to maillist
without sending cc
you talk like its my problem right ?
is AppleMail the only option you
Matt Kettler wrote:
[snip]
if so that fake helo should not be fake :=)
Well, it shouldn't be fake, because 206.46.173.3 really is
vms173003pub.verizon.net.
However, it would appear that athena.apache.orgdidn't get an answer to
its PTR querry.. either that or the headers generated by
Matus UHLAR - fantomas wrote:
Matt Kettler wrote:
[snip]
if so that fake helo should not be fake :=)
Well, it shouldn't be fake, because 206.46.173.3 really is
vms173003pub.verizon.net.
However, it would appear that athena.apache.orgdidn't get an answer to
its PTR querry..
Benny Pedersen wrote:
On Fredag, 20/6 2008, 10:04, Henrik K wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host.
Matt, you should know better. ;) It's first _external_ host.
and is
On Jun 25, 2008, at 6:34 PM, Benny Pedersen wrote:
then stop cc me
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
tests=FM_FAKE_HELO_VERIZON,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of [EMAIL PROTECTED]
designates 206.46.173.3 as permitted sender)
On Fri, June 27, 2008 02:08, Jo Rhett wrote:
I'm sorry, but you're a constant source of backscatter, Benny.
and you are a constant ignorant sending me cc
get a life
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
On Jun 26, 2008, at 5:43 PM, Benny Pedersen wrote:
and you are a constant ignorant sending me cc
get a life
Personal attacks are not relevant to the topic.
Sending someone a CC to a message they sent, and to which their mail
headers sets reply-to, is only a problem in Bennys mind. But he
Dave, what are you complaining about? This thread went sideways
without my involvement. I was replying to someone else's query about
Benny's mail servers sending back random SPF failure backscatter
messages.
On Jun 26, 2008, at 5:22 PM, Dave Koontz wrote:
Jo, didn't you get your answer
On Fri, June 27, 2008 03:09, Jo Rhett wrote:
Personal attacks are not relevant to the topic.
hmm
AppleMail is the only mua i have seen that cant make a reply to maillist
without sending cc
you talk like its my problem right ?
is AppleMail the only option you have ?
if i had to use such bad
Fer the love of Pete guys, take this offline. This has *nothing* to do
with SpamAssassin other than making me wish my system would toss this
whole damn thread.
People and their delicate egos...
*grumble*
Rubin
On Fri, 2008-06-27 at 04:13 +0200, Benny Pedersen wrote:
On Fri, June 27, 2008
On Fri, June 27, 2008 04:28, Rubin Bennett wrote:
?People and their delicate egos...
*grumble*
smile :)
X-Mailer: Evolution 2.22.0-4.1mdv2008.1
another mua is found brokken
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Benny Pedersen wrote:
On Thu, June 26, 2008 04:40, Matt Kettler wrote:
I'll attempt to do so. Didn't realize you disliked it.
its like asking 2 times for the same answer and wonder why no answer
Well then set a Reply-to header to point to the list when you post
here... That's
On Jun 20, 2008, at 1:13 PM, Henrik K wrote:
On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote:
On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
You _need_ to have everything internal, so there will be no SPF
lookups.
Your fear of IP spoofers makes no sense to me, how do you think
someone
On Jun 20, 2008, at 1:52 PM, mouss wrote:
I've never had an ISP/hoster block bogons, but I've never let them
in. it's part of the first rules in ipf/pf/iptables/router/$FW (and
in both directions. so my networks never send packets with bogon IPs
to the internet). if you don't partition the
On Jun 22, 2008, at 4:09 PM, Jonas Eckerman wrote:
If you do get a connection attempt from a non routable address on
your SMTP servers external interface, you should have no way to
acknowladge the connection if your own border router is configured
correctly.
You are assuming that there
On Jun 22, 2008, at 8:22 PM, Matt Kettler wrote:
Just because a packet can get theredoesn't mean they can deliver
mail. (by the way, IMO you're *insane* for not having a something in
place that filters such things. A simple PIX firewall at your border
with ip verify reverse-path enabled
On Jun 23, 2008, at 12:23 AM, Matus UHLAR - fantomas wrote:
it one packet reaches your host, nothing happends. Fot the TCP/SMTP
connections to be opened, (at least) three packets must be sent, in
both
directions. If you can trace to 10.x address that is not part of your
network, it's a
On Wed, Jun 25, 2008 at 02:18:01AM -0700, Jo Rhett wrote:
NOW, let's return to securing SA properly.
This is getting out of hand and offtopic..
You have already your options:
- Add all hosts to internal_networks.
- Don't call SA at all
Why is this getting on and on?
On Jun 23, 2008, at 12:23 AM, Matus UHLAR - fantomas wrote:
it one packet reaches your host, nothing happends. Fot the TCP/SMTP
connections to be opened, (at least) three packets must be sent, in
both
directions. If you can trace to 10.x address that is not part of your
network, it's a
On Jun 25, 2008, at 2:34 AM, Henrik K wrote:
This is getting out of hand and offtopic..
Yes
You have already your options:
- Add all hosts to internal_networks.
- Don't call SA at all
Why is this getting on and on?
Why is it getting offtopic, I don't know.
Why is the conversation still
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
On Jun 25, 2008, at 2:34 AM, Henrik K wrote:
This is getting out of hand and offtopic..
Yes
You have already your options:
- Add all hosts to internal_networks.
- Don't call SA at all
Why is this getting on and on?
Why is it
On Jun 25, 2008, at 2:49 AM, Matus UHLAR - fantomas wrote:
slovakia ended on machine at german machine. I know that something
can be
broken at this level. I just think that SA should not take care about
this...
Hm. Not sure I agree. I'm not asking SA to prevent it from
happening. I just
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
reading the code it implies that maybe I should make
internal_networks explicitly defined (right now its implicit and
thus ==
trusted_networks) to be smaller than trusted networks. This will
probably solve my SPF problem. Is there a
Jo Rhett wrote:
If you do get a connection attempt from a non routable address on your
SMTP servers external interface, you should have no way to acknowladge
the connection if your own border router is configured correctly.
You are assuming that there is enough infrastructure to provide a
On Wed, Jun 25, 2008 at 03:08:48AM -0700, Jo Rhett wrote:
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
reading the code it implies that maybe I should make
internal_networks explicitly defined (right now its implicit and
thus ==
trusted_networks) to be smaller than trusted
Jo Rhett wrote:
On Jun 22, 2008, at 8:22 PM, Matt Kettler wrote:
Just because a packet can get theredoesn't mean they can deliver
mail. (by the way, IMO you're *insane* for not having a something in
place that filters such things. A simple PIX firewall at your border
with ip verify
On Jun 25, 2008, at 2:34 AM, Henrik K wrote:
You have already your options:
- Add all hosts to internal_networks.
- Don't call SA at all
Why is this getting on and on?
On 25.06.08 03:00, Jo Rhett wrote:
Why is it getting offtopic, I don't know.
Why is the conversation still going on?
Benny Pedersen wrote:
On Fredag, 20/6 2008, 10:04, Henrik K wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host.
Matt, you should know better. ;) It's first _external_ host.
and is most
On Thu, June 26, 2008 02:54, Matt Kettler wrote:
It's a fine distinction, but one that does matter to some folks who are
set up this way. In most cases the two are equal, but that doesn't
excuse me from confusing the two. I should know better. :)
then stop cc me
X-ASF-Spam-Status: No,
Benny Pedersen wrote:
On Thu, June 26, 2008 02:54, Matt Kettler wrote:
It's a fine distinction, but one that does matter to some folks who are
set up this way. In most cases the two are equal, but that doesn't
excuse me from confusing the two. I should know better. :)
then stop cc me
On Thu, June 26, 2008 04:40, Matt Kettler wrote:
I'll attempt to do so. Didn't realize you disliked it.
its like asking 2 times for the same answer and wonder why no answer
I'm SA interpreted the Received header as meaning that athena.apache.org
found no reverse-lookup the host, and that
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP
is broken.
On 20.06.08 11:57, Jo Rhett wrote:
Does your ISP filter egress packets on your interface?
Jo Rhett wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP is
broken.
You don't run packet sniffers on your hosts much, do you? ;-)
If you do get a connection attempt from a non routable address
Jo Rhett wrote:
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP
is broken.
You don't run packet sniffers on your hosts much, do you? ;-)
Does your ISP
John Hardin wrote:
On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote:
header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by
arran\.svcolo\.com (/
score XX -5
Oops. Need some plusses in there...
/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host.
Matt, you should know better. ;) It's first _external_ host.
Matt Kettler wrote:
Why do neither of those options make sense? I do both in my network,
albeit that version SPF is only in my internal view, and I actually
use 10.xx.0.0/16 not 10/8. (I only use a /16, not the whole /8)
Is there some detail that's missing here? ie: do you have a compelling
On Fri, 20 Jun 2008, mouss wrote:
John Hardin wrote:
On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote:
header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\])
by arran\.svcolo\.com (/
score XX -5
Oops. Need some plusses in there...
/from \S+\.svcolo\.com (\S+
On Jun 19, 2008, at 9:12 PM, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host.
The question here would be if 10.x.x.x is in fact an internal, and
presumably trusted, network, why isn't it trusted?
The mail server I'm receiving this on is in the outside
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host
Henrik K wrote:
Matt, you should know better. ;) It's first _external_ host.
On Jun 20, 2008, at 3:54 AM, Matt Kettler wrote:
Doh.. my bad.
Huh? How are
On Fredag, 20/6 2008, 05:37, Jo Rhett wrote:
I'm trying to figure out how to stop SPF_FAIL on messages generated on
an internal rfc1918 network and routed through a trusted host.
netconsonance.com. IN TXT v=spf1 ip4:64.13.134.178 ip4:64.13.143.17
ip4:209.157.140.144 mx ~all
not you ?
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host
Henrik K wrote:
Matt, you should know better. ;) It's first _external_ host.
On Jun 20, 2008, at 3:54
On Fredag, 20/6 2008, 05:37, Jo Rhett wrote:
I'm trying to figure out how to stop SPF_FAIL on messages generated
on
an internal rfc1918 network and routed through a trusted host.
On Jun 20, 2008, at 10:37 AM, Benny Pedersen wrote:
netconsonance.com. IN TXT v=spf1 ip4:64.13.134.178
On Jun 20, 2008, at 10:44 AM, Henrik K wrote:
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted
host
Henrik K wrote:
Matt, you should know better. ;) It's
On Fredag, 20/6 2008, 10:04, Henrik K wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host.
Matt, you should know better. ;) It's first _external_ host.
and is most of the time olso first untrusted ? :)
both
On Jun 19, 2008, at 9:21 PM, John Hardin wrote:
/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo
\.com
(/
You actually need some backslashes too, but I figured it out. Thanks.
See my other note about trusted_hosts breaking all forms of
whitelisting, FYI. This kind of
On Fri, 20 Jun 2008, Jo Rhett wrote:
On Jun 19, 2008, at 9:21 PM, John Hardin wrote:
/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo\.com (/
You actually need some backslashes too, but I figured it out. Thanks.
D'oh!
See my other note about trusted_hosts breaking all
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP
is broken.
You don't run packet sniffers on your hosts much, do you? ;-)
Does your ISP filter egress
On Fredag, 20/6 2008, 19:59, Jo Rhett wrote:
netconsonance.com. IN TXT v=spf1 ip4:64.13.134.178 ip4:64.13.143.17
ip4:209.157.140.144 mx ~all
not you ?
Nope ;-)
added .17 to the domain you are sending from, but its not you so not your
problem :)
Benny Pedersen
Need more webspace ?
On Fri, Jun 20, 2008 at 11:01:40AM -0700, Jo Rhett wrote:
On Jun 20, 2008, at 10:44 AM, Henrik K wrote:
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted
host
On Fredag, 20/6 2008, 20:49, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see 10.x
(or other RFC-1918) traffic coming in from the world, your ISP is broken.
pppoe, but firewall it to be sure, rule is newer accept connections from non
routable ips from
On Fri, Jun 20, 2008 at 11:57:38AM -0700, Jo Rhett wrote:
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP is
broken.
You don't run packet sniffers on
On Jun 20, 2008, at 12:23 PM, Henrik K wrote:
Jo, you are unbelievable in a funny way.
You always come up with dozens of posts seemingly with the attitude
I must
be right. You don't configure things like they should be, and then
complain
that things don't work. Just set up the friggin
On Fri, Jun 20, 2008 at 12:31:06PM -0700, Jo Rhett wrote:
On Jun 20, 2008, at 12:23 PM, Henrik K wrote:
Jo, you are unbelievable in a funny way.
You always come up with dozens of posts seemingly with the attitude I
must
be right. You don't configure things like they should be, and then
On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
You _need_ to have everything internal, so there will be no SPF
lookups.
Your fear of IP spoofers makes no sense to me, how do you think
someone
could accomplish that? Just put the 10.something there.
You could have said that a lot easier ;-)
On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote:
On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
You _need_ to have everything internal, so there will be no SPF
lookups.
Your fear of IP spoofers makes no sense to me, how do you think
someone
could accomplish that? Just put the
On Fri, 20 Jun 2008, Jo Rhett wrote:
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see 10.x
(or other RFC-1918) traffic coming in from the world, your ISP is broken.
You don't run packet sniffers on your hosts much, do you?
Jo Rhett wrote:
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP
is broken.
You don't run packet sniffers on your hosts much, do you? ;-)
Does your ISP
I'm trying to figure out how to stop SPF_FAIL on messages generated on
an internal rfc1918 network and routed through a trusted host.
Host A: generates mail, origin IP 10.x.x.x
Host B: relays mail for Host A, to Host C
Host C: receives mail, marks SPF_FAIL
Host B is both in the valid SPF
On Thu, 2008-06-19 at 20:37 -0700, Jo Rhett wrote:
Example:
host A: 10.0.0.1 generates e-mail, routes via HostB
Host B: has outside IP 64.13.143.16
Received: from arran.svcolo.com (arran.sc.svcolo.com
[64.13.143.17]) by kininvie.sv.svcolo.com (8.14.1/8.14.1) with ESMTP
Jo Rhett wrote:
I'm trying to figure out how to stop SPF_FAIL on messages generated on
an internal rfc1918 network and routed through a trusted host.
Host A: generates mail, origin IP 10.x.x.x
Host B: relays mail for Host A, to Host C
Host C: receives mail, marks SPF_FAIL
Host B is both in
On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote:
header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by
arran\.svcolo\.com (/
score XX -5
Oops. Need some plusses in there...
/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo\.com
(/
--
John
70 matches
Mail list logo