Spamblocker and external MX servers.

Kod

Hi everyone,


I'm testing some kind of an appliance (e-mail filter hosted in another DC) that filters spam and viruses.

So my main incoming e-mail server which hosts the exim daemon is not listed as an MX server for my domains (not frontal), all e-mails are routed to the filter server first and then delivered to the main server.

I would like to have some of the spam which still gets through the filter, to be blocked by spamblocker using the bad_sender_hosts or bad_sender_hosts_ip file, however this doesn't work, probably because the server delivering the e-mail is not the original sending server but the e-mail filter... (hope this makes sense to you)

blacklist_domains works great though!

Any workaround to make spamblocker detect the original sending server?


example of headers

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Fri, 10 Oct 2014 12:08:38 +0200
Received: from FILTERSERVER.TLD ([xx.xx.xxx.xxx] helo=EMAILSENDERSERVER.TLD)
by [email protected] with esmtp (Exim x.xx)
(envelope-from <[email protected]>)
id xxxxxxxxxxxxxxxxxxxxx
for [email protected]; Fri, 10 Oct 2014 12:08:38 +0200
Received: from EMAILSENDERSERVER.TLD ([xxx.xx.xx.xx])
by FILTERSERVER.TLD for [email protected] ;
Fri, 10 Oct 2014 12:08:40 +0200 (CEST)


Thanks a lot
 
What filtering system are you using? I think that is the filtering system that needs to add the original server's line, nothing to do with the end-point server

Regards
 
Thanks for the reply SeLLeRoNe,

I have no access to blacklist the offender IPs on the appliance (filter) yet.

I could simply filter these IPs using iptables, however I would like a failure delivery message to be sent back to the sender, which is why I need spamblocker.
 
The parts of my SpamBlocker exim.conf files which address blocking do so based on the connection point to your server, which in all cases is your appliance, so they're useless.

Email is NOT scanned by exim to see what previous headers it contains. That's SpamAssassin's job. So you can be sure you've got SpamAssassin installed, and create custom SpamAssassin rules. Or just block by From address, which is generally nowhere near as effective.
Jeff
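
Added example, not part of the thread and not SpamBlocker or exim code: the header-level check discussed above, in Python, which walks the Received headers past a trusted filter to find the original sending server and tests it against a blocklist. The hostnames, addresses, TRUSTED_RELAYS, BAD_SENDER_IPS and all function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed values: documentation-range addresses replace the masked ones in the thread.
TRUSTED_RELAYS = [ipaddress.ip_network("198.51.100.10/32")]  # assumed filter appliance IP
BAD_SENDER_IPS = [ipaddress.ip_network("203.0.113.0/24")]    # hypothetical blocklist

SAMPLE = """\
Return-path: <sender@example.net>
Received: from filter.example.org ([198.51.100.10] helo=mail.example.net)
\tby mx.example.com with esmtp (Exim x.xx)
\tfor user@example.com; Fri, 10 Oct 2014 12:08:38 +0200
Received: from mail.example.net ([203.0.113.25])
\tby filter.example.org for user@example.com;
\tFri, 10 Oct 2014 12:08:40 +0200 (CEST)
Subject: constructed test message

body
"""

_BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def relay_ips(raw_message):
    """Client IP recorded by each Received header, newest hop first (None if unparseable)."""
    hops = []
    for value in email.message_from_string(raw_message).get_all("Received", []):
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]  # only the "from ..." clause
        match = _BRACKETED.search(from_part)
        try:
            hops.append(ipaddress.ip_address(match.group(1)) if match else None)
        except ValueError:
            hops.append(None)
    return hops


def original_sender_ip(raw_message, trusted=TRUSTED_RELAYS):
    """First hop that is not one of our relays. A header is believed only while every
    hop above it is trusted, so forged headers below an unknown host are never read."""
    for ip in relay_ips(raw_message):
        if ip is None:
            return None  # cannot establish the boundary; do not guess
        if not any(ip in net for net in trusted):
            return ip
    return None


def is_blocked(raw_message, blocklist=BAD_SENDER_IPS):
    ip = original_sender_ip(raw_message)
    return ip is not None and any(ip in net for net in blocklist)
```

SpamAssassin applies the same boundary logic through its trusted_networks setting, which is why the relay list has to name the filter appliance and nothing else.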
 
Hi nobaloney,

Thanks for the reply, that's what I figured out

I have changed the appliance and can now fine-tune the rules on the new one.

I'm also still using blacklist_domains which is working despite the appliance.
 