So, are you trying to catch spammers? is that the point?
-----Original Message-----
From: Mike Kenny [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 27, 2006 6:46 AM
To: Miles Fidelman
Cc: users@spamassassin.apache.org
Subject: Re: mapping dynamic IPs to specific accounts
Thanks Miles, but I am not sure that this is what I am looking
for. My client's users will already have authenticated to access the
data network, but all that remains to identify them is the IP address
that they were assigned for that session. The data network guys have
added code to update a DNS with both the IP and the original
authentication string provided by the user. When one of these
dynamically assiged IPs connects to our SMT Pserver we want to be able
to look up the auth string in the DNS and check this against a
blacklist.
It is not considered acceptable to force the users to
authenticate a second time when they want to send email. We must accept
the network authentication as being valid (it is, our problem is not
unauthenticated users, but authenticated users who perform unauthorized
actions line spamming) and then impose our own rules of behavior on
those users by blacklisting them
mike
On 12/27/06, Miles Fidelman <[EMAIL PROTECTED]> wrote:
Mike Kenny wrote:
> A client of mine provides an email service to a number
of mobile
> users. This leave my client open to abuse as addresses
are assigned
> dynamically and blocking specific users is difficult.
We have set up
> an internal, private DNS which we update with the
authentication
> details of the user and the IP assigned to him/her at
that time. We
> now want to configure postfix/spamassassin to query
this DNS and
> return the authentication details. This will allow us
to blacklist the
> abusive users until they re-register (at a cost) and
should help us
> fight the proliferation of spam.
>
> How best can this be done? It is not enough that the
IP is in the DNS,
> we expect it to be and we don not want to blacklist
based on the IP.
> We actually need to get the authentication details
back and look these
> up in a blacklist. So how do we configure postfix or
spamassassin to
> look up
Mike,
You're barking up the wrong tree. There are several
well-established
mechanisms specifically designed to authenticate mobile
users to email
systems. What you want is SMTP AUTH, possibly w/ TLS.
Look at the
wikipedia entries for SMTP-AUTH and SASL, and then look
at the Postfix
howtos.
Miles Fidelman
