Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: danfulton on October 18, 2007, 04:36:27 PM

Title: Add remote IP to trusted_networks
Post by: danfulton on October 18, 2007, 04:36:27 PM

I am trying to add an IP to the trusted_networks in /etc/mail/spamassassin/local.cf, I (think) I either need to create a file in /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf to expand the config, or enter a value in the db using config setprop qpsmtpd TrustedNetworks "192.168.0. 127.", but I'm not sure which is the correct route.

I've had a look in the forum, and found http://forums.contribs.org/index.php?topic=34652.0, but somehow this does not answer the question!

Any help appreciated.

Dan

Title: Re: Add remote IP to trusted_networks
Post by: Frank VB on October 18, 2007, 07:50:12 PM

There's a contrib from Darrell May which adds a panel "E-mail WBL" in the Server Manager (http://mirror.contribs.org/smeserver/contribs/dmay/smeserver/7.x/testing/smeserver-wbl/) where you can manage the whitelist/blacklist entries. If I remember it correctly, this panel gives you the possibility to add an IP address to the whitelist but you should check this out (I'm not sitting behind my server right now, so I can't tell for sure).

Title: Re: Add remote IP to trusted_networks
Post by: danfulton on October 19, 2007, 10:05:46 AM

I've tried this contrib, and don't think it solves the problem I'm encountering  :(

The problem is that all mail to local user, from local users situated at a remote site, triggers the RDNS_DYNAMIC rule, which in turn causes the emails to be marked as spam.

For the time being I've reduced the score for that rule to 0.1, which masks the problem, but would like to fix the problem 'properly'.

The other annoyance is that the remote site is actually a fixed IP, assigned from a dynamic range by an ISP!

Any help appreciated

Dan

Title: Re: Add remote IP to trusted_networks
Post by: mmccarn on October 19, 2007, 02:13:07 PM

If you add the remote IP as a 'local network' using a netmask of '255.255.255.255' in server-manager::Security::Local networks (http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11#Local_networks) then your remote site will be treated by SME's qpsmtpd as a 'local' site, and will use the 'local' qpsmtpd configuration that does not use spamassassin.

There are other firewall implications to this decision:

• un-authenticated smtp relay is enabled by default for 'local networks'.  You may want to enable smtp authenticated relay for 'local' users as shown here: http://wiki.contribs.org/Email#How_do_I_enable_smtp_authentication_for_users_on_the_internal_network.
• local networks can have un-encrypted access to ibays (which may expose passwords to intermediate systems)
• proxy access is enabled by default from all 'local networks'.
• server-manager is available to all 'local networks'

This list is probably incomplete.

I don't know of an easy way to change only the email behavior for a single remote IP...