Loading ...
Sorry, an error occurred while loading the content.

Re: Understanding Client Restrictions

Expand Messages
  • Drew Tomlinson
    ... Thank you both for the excellent advice and best practices suggestions. I will try this out and see if it solves my issue. Thanks, Drew
    Message 1 of 9 , Jun 5, 2010
    View Source
    • 0 Attachment
      On 6/4/2010 6:24 PM, Noel Jones wrote:
      > On 6/4/2010 8:10 PM, Jeroen Geilman wrote:
      >>> On 6/4/2010 7:12 PM, Jeroen Geilman wrote:
      >>>>> On 6/4/2010 6:59 PM, Jeroen Geilman wrote:
      >>>>>>> 554 5.7.1 Service unavailable;
      >>>>>>> Client host [69.63.178.167] blocked using bl.spamcop.net; Blocked
      >>>>>>> - see
      >>>>>>> http://www.spamcop.net/bl.shtml?69.63.178.167;
      >>>>>>> from=<notification+o=6pg=ze@...>
      >>>>>>> to=<drew@...> proto=ESMTP helo=<mx-out.facebook.com>
      >>>>>>> OK, I get it. Facebook email is being blocked because servers it
      >>>>>>> uses
      >>>>>>> are on a SpamCop blacklist. How can I allow mail from servers
      >>>>>>> identifying themselves as<anything>.facebook.com before blacklist
      >>>>>>> processing?
      >>>>>>
      >>>>>> You may want to put facebook in check_helo_access instead; however,
      >>>>>> this
      >>>>>> opens you up to all sorts of spam unless you also require proper
      >>>>>> forward+reverse DNS for MXen.
      >>>>>>
      >>>>>> Put in the prelevant reject_*_helo and reject_non-fqdn_*
      >>>>>> restrictions so
      >>>>>> HELOs will be worth checking; then implement check_helo_access for
      >>>>>> your
      >>>>>> facebook issue.
      >>>>>>
      >>>>>
      >>>>> I would avoid using check_helo_access for any kind of whitelisting
      >>>>> since it's easily and frequently forged. Use check_helo_access for
      >>>>> whitelisting only as a last resort.
      >>>>>
      >>>>> A far better choice is to whitelist by the client name or IP block.
      >>>>
      >>>> I agree completely, however, this is what he asked for; and I don't
      >>>> recognise the client hostname as being in any way related to facebook.
      >>>>
      >>>> If the client hostname is not dependable, that would not be useful to
      >>>> check for.
      >>>>
      >>>> J.
      >>>>
      >>>
      >>>
      >>> You have to do 30 seconds of research...
      >>>
      >>> $ host -t txt facebookmail.com
      >>> facebookmail.com descriptive text "v=spf1 ip4:69.63.178.128/25
      >>> ip4:69.63.184.0/25 ip4:66.220.144.128/25 -all"
      >>>
      >>> Looks as if the client in question is listed as a valid source IP.
      >>
      >> Ah.. I never thought of using the SPF records, good point.
      >>>
      >>>
      >>> $ whois tfbnw.net
      >>> ...
      >>> (all kinds of facebook contact info)
      >>> ...
      >>> (facebook name servers)
      >>> ...
      >>>
      >>> Looks as if the client hostname is owned by facebook.
      >>>
      >>> Whitelisting by client hostname is the right choice. Always exhaust
      >>> other possibilities before using a HELO based whitelist.

      Thank you both for the excellent advice and best practices suggestions.
      I will try this out and see if it solves my issue.

      Thanks,

      Drew
    Your message has been successfully submitted and would be delivered to recipients shortly.