Mailing List SIMS@mail.stalker.com Message #7576
From: Bill Cole <listbill@scconsult.com>
Subject: Re: Whitehole Entries
Date: Thu, 25 Jan 2001 18:37:21 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
At 3:28 PM -0400 1/25/01, Paul Galati  imposed structure on a stream
of electrons, yielding:
After adding the multiple RBL entries that were listed recently,  I
am getting a lot more blacklisted entires in my log file.

Is there a way to allow a blacklisted domain to be able to send
e-mail to any account on the server?

<*%msn.com@blacklisted> = *

Not quite.

If you really want to pass everything claiming to be from an msn.com
address, even if it comes from a machine in a RBL-style blacklist,
you need to bless the sending IP address. Check your logs and find
the address, and add it to your client IP list.

CAUTION: MAKE SURE ANY ADDRESS YOU DO THIS WITH IS REALLY A LEGIT
MAIL SERVER. THIS CHANGE MEANS THAT YOUR SERVER WILL TRUST IT
TOTALLY, EVEN FOR RELAY.

For some reason, the msn domain is still being blocked.

[full disclosure: I work for MAPS on the 'Consulting Services' side, so
I know a lot about our lists but don't deal with them directly.]

The RBL-style lists do not block by domain, they block by IP address
of the connecting machine. Each list is a little different in why it
might list a site,  so you might want to check which list is blocking
mail you think it should not and figure out why. The MAPS lists make
this pretty easy: each list has defined principles that the online
ops folks are VERY eager to follow strictly. We also have per-address
details available for the RSS and RBL lists. For the details about
those policies and specifics about individual addresses, see
<http://mail-abuse.org>.


ORBS is a bit different, and at times can seem very capricious. See
their website for policies and details on individual addresses.

 If I use

<Username%*@blacklisted = accountname

Do I have to be explicit for each account  name on a blacklisted
server to pass through the router.  If I know 20 people that use
MSN, do I need to have 20 entires in the router like the 2nd
example.

That's not it. See <http://www.stalker.com/SIMS/AntiSpam.html#WhiteHole> for how to whitehole. Whiteholes are local accounts that are not subject to any blackholing.

I would like to be able to allow my accounts to receive
any mail from any account at msn.com as long as it originates from
that domain, not a forged header.

Not possible.

There is no way for SIMS to detect most sorts of forgery. When the accept/reject decision is made, SIMS has not even received the headers.

<*%*@blacklisted> = *    <--  Is this really defeating the purpose
of blacklisting ?

It would be, if it worked. Router entries can only have one wildcard.

<*@blacklisted> = *   would do the same thing: remove blacklisting from all of your accounts.

--
Bill Cole
Senior Consultant, MAPS L.L.C. Consulting Services Group
wkc@mail-abuse.org (work)
bill@scconsult.com (personal)
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster