Change sending IP for outgoing mail per domain?

LawsHosting

Has anyone got their MTA IP blocked by AOL before? If so, how easy/hard is it to get it unblocked? I've sent a request to their postmaster dept.

A client is receiving a hell of a lot of email (some spam looking at the queue, and yes I use SB4.1), thing is, he has a forwarder set up to his AOL address, so, boom!

I know of here, but is it good practice to do it this way? I do not mind if 1 IP gets blocked (I'll give him a dedi IP!)..

So, if I want to implement this, I'd just need to create a /etc/virtual/interfaces with:
domain: IP
...
...
then add:
interface = ${lookup{$sender_address_domain}lsearch{/etc/virtual/interfaces} {$value}{IP}}
to Comment 61 of SB4.1? Is the {IP} the main IP? So if nothing is listed in /etc/virtual/interfaces, then the usual IP is used? That right?

NB: I'm not sure why the spam isn't being blocked by the way :confused:
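Added example, not part of the original post: a Python check of a `domain: IP` file that mirrors the hit/miss behaviour of the lookup above, so an unlisted domain falls back to the second brace. The file contents, the domains and the 192.0.2.x addresses are constructed, and the forwarder is assumed to keep the original envelope sender.

```python
import ipaddress

# Constructed sample of /etc/virtual/interfaces (documentation-range IPs).
SAMPLE = """\
# domain: IP
client-one.example: 192.0.2.21
Client-Two.example: 192.0.2.22
client-one.example: 192.0.2.99
typo.example: 192.0.2.300
"""
DEFAULT_IP = "192.0.2.10"   # stands in for the {IP} fallback string

def parse_interfaces(text):
    """Read 'domain: IP' lines as lsearch does: '#' comments, case-insensitive
    keys, first match wins. Returns (entries, problems)."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            problems.append((lineno, f"{value!r} is not an IP address"))
            continue
        if key in entries:
            problems.append((lineno, f"{key} repeated; first entry {entries[key]} wins"))
            continue
        entries[key] = ip
    return entries, problems

def sending_ip(sender_domain, entries, default_ip=DEFAULT_IP):
    """Hit -> $value, miss -> the fallback string, as in the lookup's two braces."""
    return str(entries.get(sender_domain.lower(), default_ip))

ENTRIES, PROBLEMS = parse_interfaces(SAMPLE)

def demo():
    return {
        "listed": sending_ip("CLIENT-TWO.example", ENTRIES),
        "unlisted": sending_ip("other.example", ENTRIES),
        "bounce (empty sender)": sending_ip("", ENTRIES),
        # Assumption: the forwarder keeps the original envelope sender, so a
        # forwarded message is keyed on the remote domain, not the client's.
        "forwarded": sending_ip("bulk-sender.example", ENTRIES),
    }
```

Because the key is `$sender_address_domain`, mail that is only forwarded through a client's address is matched on the remote sender's domain and leaves from the fallback IP.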
 
This is a sample email:
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Tue, 14 Aug 2012 16:13:01 +0100
Received: from mail by server3.laws-hosting.co.uk with spam-scanned (Exim 4.76)
    (envelope-from <[email protected]>)
    id 1T1Ink-00025h-JE
    for [email protected]; Tue, 14 Aug 2012 16:13:01 +0100
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
    server3.laws-hosting.co.uk
X-Spam-Level:
X-Spam-Status: No, score=-0.9 required=3.0 tests=AWL,BAYES_00,HK_LOTTO_NAME,
    HTML_IMAGE_RATIO_08,HTML_MESSAGE,LOTS_OF_MONEY autolearn=no version=3.3.1
Received: from approvedemail.co.uk ([209.190.214.10])
    by server3.laws-hosting.co.uk with esmtp (Exim 4.76)
    (envelope-from <[email protected]>)
    id 1T1Ink-00025d-9e
    for [email protected]; Tue, 14 Aug 2012 16:13:00 +0100
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=ilovethat.co; d=ilovethat.co.uk;
    h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type; [email protected];
    bh=OEQM2UUxYY849EEFe3hU0fcn0Qk=;
    b=oXDK3CRVO3TtpwVVZrtrbp/OHQrF9F3F//tpbuUM0aRjCOrQWmw4SrzqiyApakdz+BVr7QtwVzwF
    etgWgLIl8w==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=ilovethat.co; d=ilovethat.co.uk;
    b=SCKwCUS5Q9BViinbgU8FJz66FdPmDvrtvY/zPqBcYCiiRoCBPGwCqp0nzIifwlPhdOcnuj23p24g
    DKfWjzbgtQ==;
Received: from res01 (172.20.16.120) by approvedemail.co.uk (PowerMTA(TM) v3.5r16) id h59lfc0mqokb for <[email protected]>; Tue, 14 Aug 2012 11:12:52 -0400 (envelope-from <[email protected]>)
Date: Tue, 14 Aug 2012 11:12:57 -0400 (EDT)
From: Lottery Master <[email protected]>
Reply-To: [email protected]
To: <[email protected]>
Message-ID: <[email protected]>
Subject: An estimated $305 Million* could be yours this Wednesday
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_Part_683959_605911901.1344957177982"
X-Mailer: Eloop Mailer
Importance: normal
X-Antivirus-Scanner: Seems clean. You should still use an Antivirus Scanner

Yes [email protected] is edited (to protect from harvesting).

How is this type of mail getting through though? Because of the DKIM stuff?
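Added example, not part of the original post: a Python parser for the X-Spam-Status line of the sample above that separates learned adjustments (BAYES_*, AWL) from content rules and lists any DKIM_ rules that were scored. The grouping of rule names and the `review_learning` flag are this example's own, and the header's fold is restored with a tab.

```python
import re

# The X-Spam-Status header from the sample message, with its fold restored.
HEADER = (
    "X-Spam-Status: No, score=-0.9 required=3.0 tests=AWL,BAYES_00,HK_LOTTO_NAME,\n"
    "\tHTML_IMAGE_RATIO_08,HTML_MESSAGE,LOTS_OF_MONEY autolearn=no version=3.3.1\n"
)

def parse_spam_status(header):
    """Unfold the header and split it into verdict, scores and rule names."""
    value = re.sub(r"\r?\n[ \t]+", "", header).split(":", 1)[1].strip()
    verdict, _, rest = value.partition(",")
    fields = dict(re.findall(r"(\w+)=(\S+)", rest))
    return {
        "is_spam": verdict.strip().lower() == "yes",
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": [t for t in fields.get("tests", "").split(",") if t and t != "none"],
    }

def triage(status):
    """Separate per-site learned adjustments from content and DKIM rules."""
    tests = status["tests"]
    # BAYES_NN below 50 means the local Bayes database rated the mail ham-like.
    bayes_ham = [t for t in tests
                 if re.fullmatch(r"BAYES_\d+", t) and int(t[6:]) < 50]
    awl = "AWL" in tests                      # score shifted by sender history
    dkim = [t for t in tests if t.startswith("DKIM_")]
    content = [t for t in tests
               if t not in bayes_ham and t != "AWL" and t not in dkim]
    return {
        "margin": round(status["required"] - status["score"], 1),
        "bayes_ham": bayes_ham,
        "awl": awl,
        "dkim_rules": dkim,
        "content_rules": content,
        # Content rules fired, learned state was applied, verdict is still ham.
        "review_learning": (not status["is_spam"]) and bool(content)
                           and (bool(bayes_ham) or awl),
    }

RESULT = triage(parse_spam_status(HEADER))
```

For this message `dkim_rules` is empty while `bayes_ham` and `awl` are set: no DKIM rule appears in the tests list, and the lottery content rules were scored alongside BAYES_00 and AWL.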
 
> NB: I'm not sure why the spam isn't being blocked by the way :confused:

Is RBL enabled? By the way your exim.conf might be configured in the way that spamassassin skips checking incoming emails to non-existing email boxes including forwarders and catch-all.
 
> Is RBL enabled? By the way your exim.conf might be configured in the way that spamassassin skips checking incoming emails to non-existing email boxes including forwarders and catch-all.

Spam is being blocked for other domains, so they (the SB4.1 RBLs) are working.

Actually, he is using his main email address (ie. username@domain). So, if you have an external forwarder, it won't get scanned (RBLs and SA)? For now, I've set up a new email account for him, forwarded miles => new address, haven't added a forwarder to his aol yet.
 
If I recall correctly, ACLs may not be checked against mail being forwarded. I suppose I should take the time to check it some day, but of course you can, as well.

AOL wants to help you help them with eliminating spam, and they understand the limits of their system not properly identifying the origin of forwarded email. If you haven't already done so, visit their postmaster website (aol.com) and set up a feedback loop (aol.com) with them. Instead of immediately blocking you they'll send you a copy of each spam they identify as coming from your server. Then they'll give you time to contact your clients and fix the problem.

Jeff
 
I have been successful with AOL in this situation, they also suggest the feedback loop, however, since my main IP doesn't belong to me, I would need to change Exim's listening and remote smtp to an IP that I "kind of" own (has to have my abuse@ in whois' abuse-mailbox: entry).
I'm just making sure if you have a rDNS/PTR for the IP, you're good to go?
So:
remote_smtp:
driver = smtp
interface = new.ip.address
should be enough right? Do I need to make it listen on that IP too?


I've also activated DKIM, not sure if it works for external forwarders?
 
> If I recall correctly, ACLs may not be checked against mail being forwarded. I suppose I should take the time to check it some day, but of course you can, as well.

Just tested myself. I can confirm that it does (well, the Spamassassin headers are present), not sure if RBLs are checked.

However, these may be normal for forwarders:

1. SPF fails/softfails as the originating address (eg. sender) doesn't match the IP (eg. our server).
2. Also, the DKIM isn't present in forwarded mail.
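
Added example, not part of the original posts: point 1 above worked through in Python with a small evaluator for the ip4/ip6/all terms of an SPF record, run once for each hop of a forwarded message. The SPF record and all addresses are constructed, and the forwarder is assumed to leave the envelope sender unchanged.

```python
import ipaddress

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, connecting_ip):
    """Evaluate the ip4/ip6/all terms of an SPF record, left to right.
    Mechanisms that need DNS (a, mx, include, ...) are skipped here."""
    ip = ipaddress.ip_address(connecting_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = term[0] if term[0] in QUALIFIER else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIER[qual]
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIER[qual]
    return "neutral"   # no term matched

# Constructed data: the sender's published policy and the two hops.
SENDER_SPF = "v=spf1 ip4:198.51.100.0/24 ~all"
SENDER_MTA = "198.51.100.25"   # original sender's outbound server
FORWARDER = "192.0.2.10"       # our server relaying to the external mailbox

def hops(record=SENDER_SPF):
    # The envelope sender is unchanged by the forwarder, so both receivers
    # look up the same SPF record but see different connecting IPs.
    return {
        "sender -> forwarder": spf_result(record, SENDER_MTA),
        "forwarder -> final mailbox": spf_result(record, FORWARDER),
    }

if __name__ == "__main__":
    print(hops())
    print(hops("v=spf1 ip4:198.51.100.0/24 -all"))
```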
 