[clamav-users] ign2 whitelist don't work

Reindl Harald h.reindl at thelounge.net
Tue Jul 19 17:09:43 UTC 2016 


Am 19.07.2016 um 19:00 schrieb Charles Swiger:
> On Jul 19, 2016, at 10:28 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
> [ ... ]
>>> 2) In the absence of MX records stating otherwise, I expect that any mailserver which sends outbound email should be willing to accept inbound mail for the same domains it terminates or relays email on behalf of.
>>
>> that is not how email works
>
> As I recall, you were either submitting a bug report about ClamAV and SPF, which seems misguided as you've since acknowledged ("i know that SPF is not relevant for clamav"), or at the least you were looking for feedback about how to better handle legitimate email from paypal.at which you were bouncing due to ClamAV's heuristics.

no, i was submitting what the subject says and explained why it's 
unacceptable not to be able in a software which tries to make 
assumptions about phising by no clue about SPF

>> a) the sender is @mail.paypal.at and not "@epsl1.com"
>
> True.
>
>> b) every smarter setup these days has strictly
>>   seperated outbound and inbound servers
>
> False.  Assuming that there is only one correct mail architecture is a major fallacy.

bla - yes there are more ways but your whole stuff about SPF was 
entirely wrong from the very begin in case of the messages in question

> If a mail server sends outbound, it needs to be willing to handle bounces and DSNs for those  messages/domains which it sends.

bullshit - the MX does and this servers outbound mail was *not* for a 
domain below it's own hostname and so it has no business for inbound mail

>> why?
>>
>> because it's much easier to define MTA policies for spamfiltering when you need not to mix with mail clients and when you do outbound spamfiltering you need completly different rules (no RBL looksups, no PTR checks, different scorings and first of all no postscreen in front which a MUA can't handle)
>
>
> It is reasonable to have different inbound and outbound MTAs to implement different policies?  Sure.
>
> Is that the only mechanism by which one can have different policies?  Nope.

far off-topic the whole discussion just because you where unable to look 
careful at the one logline and make correct SPF requests while i already 
told in the orginal mail that i have verified it and even posted the 
spamassassin SPF_PASS line of the message in question

> It is reasonable to trust all local mail and push the burden of checking it upon others?  Nope.

did i say that?

> You should be applying spamfiltering and especially malware/virus scanning to outbound email just as rigorously as you do to inbound email.  In a few cases that I am familiar with, outbound email is screened more carefully than inbound email.

where did i say anything else?

but you need different configs as i explained and it should be pretty 
clear why - there is no point makeing dialup-rbl-tests on a submission 
client which is typically a enduser somewhere at home



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160719/2bb0c3ff/attachment.sig>

More information about the clamav-users mailing list