[clamav-users] Clamav with VPN
G.W. Haywood
clamav at jubileegroup.co.uk
Tue May 5 18:02:20 UTC 2020
Hi there,
On Tue, 5 May 2020, Paul Kosinski via clamav-users wrote:
>>> To try to solve this issue, I have added this line in my /etc/hosts file:
>>>
>>> * 104.16.218.84 database.clamav.net
>>
>> Don't do things like that. Sooner or later it will break, and you'll
>> find yourself back here again asking why.
>
> Our firewall blocks our mail server from issuing requests via ports 80
> and 443, but, after our failure to set up a private mirror that worked
> reliably after the switch to Cloudflare (their BOS mirror was usually
> behind the DNS TXT reported version, as detailed in many previous
> posts), I had to add exceptions for 104.16.218.84 and 104.16.219.84 ...
I'm not sure that I understand your point. Mine was that hacks like
tweaking resolv.conf to try to get round a broken name service instead
of fixing the service are bound to come back and bite you.
> P.S. Since "G.W. Haywood" <clamav at jubileegroup.co.uk> never accepts
> incoming mail, why not switch from CC to BCC in your submissions to
> clamav-users and save us a lot of frustration.
Sorry for any frustration but I think you misunderstand. The address
you mentioned there does indeed accept incoming mail, but (as I have
already explained) only from the list server. Also, normally I send
mail from my list addresses only to the list addresses - there's no CC
in my mail to the lists. For example, this message will be sent to
Paul Kosinski via clamav-users <clamav-users at lists.clamav.net>
and only to that address. The list server does what it does; there's
nothing I can do about that, but you might be able to configure what it
does for you to be more to your liking. See
https://lists.clamav.net/mailman/options/clamav-users
You can always reach me via the list of course.
> (Also, your private email address from which you sent me a private
> email never accepted my private reply, it just "timed out" -- twice.)
My private and public email addresses are all served by the same MX,
and use the same systems for filtering mail (obviously with different
configurations for private and list mail). So either your sending IPs
(216.55.100.245 or 216.55.100.246) or IPs nearby in the IP block are,
or have recently been, sending spam:
http://multirbl.valli.org/lookup/216.55.100.245.html
http://multirbl.valli.org/lookup/216.55.100.246.html
Admittedly some of the blacklists that we use are a bit broad-brush,
but we do see an awful lot of spam attempts from Level3 IPs. When it
comes to service providers I'm in the "vote with your chequebook" camp
and I'll do anything I can to encourage ISPs to develop good hygiene.
Regrettably that does sometimes mean that there's collateral damage.
Incidentally those two IPs seem to be the only nameservers for the
iment.com domain. As they're both on the same network, you might be
vulnerable to a single point failure taking your domain offline.
https://mxtoolbox.com/domain/iment.com/
You'd be much better advised to worry about that than worry about a
tadpole-sized mail server in the UK dropping your packets.
--
73,
Ged.