problem with Samba mail traffic and people with spam filters

Marc MERLIN merlin at valinux.com
Thu Feb 15 19:07:33 GMT 2001 

[Reply-to set to postmaster at valinux.com]

On Thu, Feb 15, 2001 at 10:32:07AM -0500, Michael H. Warfield wrote:
> ] Received: from beefcake.hdqt.valinux.com
> ] 	([10.1.0.14.55044] helo=valinux.com ident=root) 
>           ^^^^^^^^^^^^^^^

Yes, it's  a configuration option in  exim to add the  port number. The main
reason for  that is  to allow tracking  when you go  through a  NAT firewall
(i.e. you  get the  IP of  the firewall,  and without  the port  number, you
cannot trace back the connection to the original sending machine)

> ] #
> ] # Morons trying to forge IP addresses
> ] :0 Hf
> ] * ^Received: .*\[[0-9\.]*([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9])
> ] | formail -b -f -A "$trash_header ordinary tag-contents header bad IP"
 
It looks  like one  or two  spam checkers do this  indeed. One of  our users
internally noticed  that and already contacted  the author so that  he could
update the regex.
 
> common anti-spam package I obtained by following links off the sendmail
> site.  I'm sure there are other people using this (who are probably NOT
> getting this message for this very reason) and many of those dump
> tagged messages straight to /dev/null rather than into spam cans for
> latter checking and mucking out.
 
That's very unfortunate.
Quite frankly, I'm not sure what to do. On one side, we can provide received
lines which do not  allow tracking back to the originally  sending IP, or on
the other side, a few overzealous spam checkers will break.
 
> 	I don't know if there has been a recent change at VA Linux or
> in the mailing list routing, but this seems to have only started occuring
> fairly recently (like in the last week or so).
 
It's not really  mailing list routing, it's just exim.conf  on our main mail
server.
(Unless I  missed something, VA  isn't hosting  samba lists, so  this should
only affect posts  that come from VA, not the  whole list. Of course, Jeremy
works at VA, but who cares about what he says anyway ;-D)

 
I'm not  quite sure  what's best. 
Hopefully the few spam checkers will be  fixed and I believe that people are
responsible for the  mail they themselves filter out, but  if you think that
we should  turn this off instead  of having the spam  checkers fixed, please
send us Email to voice your opinion

(It's disabled right now so that this mail reaches the people in question)

Thanks,
Marc
-- 
VA Linux Systems Server Sysadmin. 510 687 7061
 
Home page: http://marc.merlins.org/
Finger marc_f at merlins.org for PGP key

More information about the samba mailing list