On Fri, 2014-08-29 at 01:06 +0200, Reindl Harald wrote:
> the question was just "how can i enforce RBL tests inside the own LAN"

RBL tests cannot be enforced. Internal and trusted networks settings need
to be configured correctly to match the RBL test's scope, in your case
last-external.

If there are trusted relays found in the Received headers, and the first
trusted one's connecting relay is external (not in the internal_networks
set), then an RBL test for last-external will be run.

This is entirely unrelated to "own LAN" or "network range".

> >>> Received headers before that simply CANNOT be trusted. There is no way
> >>> to guarantee the host they claim to have received the message from is
> >>> legit
> >>
> >> in case running postfix with SA as milter *there are no* Received
> >> headers *before* because there is nobody before
> >
> > There almost always is at least one Received header before, the sender's
> > outgoing SMTP server
>
> *no no no and no again*
>
> there is no Received header before because a botnet zombie doesn't use
> an outgoing SMTP server

I said "almost always", with direct-to-MX delivery being the obvious
exception. Possible with botnet spam, yes, but too easy to detect. Thus,
botnet zombies frequently forge Received headers.

(Besides, in your environment SA won't see much botnet spam anyway.
Spamhaus PBL as first level of defense in your Postfix configuration
will reject most of them. But that's not the point here.)

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
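
Added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of the last-external selection described above. It shows that a message from a LAN client yields nothing to look up and that a forged Received header below the boundary is never consulted. The network ranges, host names and sample headers are constructed, Postfix-style headers are assumed, and trusted_networks is taken to equal internal_networks.

```python
import ipaddress
import re

# Constructed for this example: the LAN plus the MX itself are internal.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.25/32")]

# First bracketed IPv4 literal = the connecting client, as recorded by the
# host that added the header (Postfix-style "from helo (rdns [ip]) by host").
CLIENT_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def last_external(received):
    """Return the IP a last-external lookup would query, or None.

    `received` lists Received headers newest first. The walk continues only
    while the connecting client is internal; the first client outside
    INTERNAL_NETWORKS is the answer, and headers below it are never read.
    """
    for header in received:
        match = CLIENT_IP.search(header)
        if match is None:
            return None  # this model gives up on a header it cannot parse
        if not is_internal(match.group(1)):
            return match.group(1)
    return None  # every hop was internal: no external relay to test


# Constructed sample header chains (documentation address ranges).
SAMPLES = {
    "lan_client": ["from pc (pc.lan [10.1.2.3]) by mx.example.org"],
    "direct_to_mx": ["from x (unknown [203.0.113.7]) by mx.example.org"],
    "forged_hop": [
        "from x (unknown [203.0.113.7]) by mx.example.org",
        "from smtp.example.net (smtp.example.net [198.51.100.1]) by x",
    ],
    "via_internal_relay": [
        "from mx (mx.example.org [192.0.2.25]) by store.lan",
        "from out (out.example.net [198.51.100.9]) by mx.example.org",
    ],
}

if __name__ == "__main__":
    for name, chain in SAMPLES.items():
        print(name, "->", last_external(chain))
```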