I manage a Linux server that functions as an email server using the
free and open source software (FOSS) package
sendmail.
I provide a mechanism through the server for someone who has
Verizon as his
Internet Service Provider (ISP) to send monthly newsletters
by email to an organization that has about thirteen hundred members on its
email distribution list, since he can't send to that number of people through
his ISP-provided email service. I do so by providing an
email alias
on my server, e.g., thelist@example.com that he puts in the
BCC line of his email. The alias is stored in /etc/aliases
and points to a text file containing the list of all members' email addresses.
So his ISP-provided
SMTP server sees only the one address, thelist@example.com,
which results in an email message to the server I manage that then translates
that address into the approximately 1,300 email addresses of members and sends
the newsletter to all members.
But this month the user reported he had sent the
message, but it had not been delivered to recipients. I first checked the
server's mail log, /var/log/maillog, for any occurrences of his
email address for the day he reported the problem. I use several free
DNS-based
Blackhole List (DNSBL) services to reduce the amount of
spam that
reaches user's inboxes, so I suspected that one of those services had blocked
email from the SMTP server through which he was sending his message, even
though I had whitelisted his email address quite some time ago by
adding a line like the following one to /etc/mail/access and
then running the command makemap hash /etc/mail/access
</etc/mail/access.
slartibartfast123987@verizon.net OK
I didn't find any references to his email address in the /var/log/mail
file, so I asked him to resend the message. I still didn't see any
references to his email address in the /var/log/maillog file,
but I did see that SORBS had blocked email from an
America Online (AOL)
server at the time he sent the message.
grep aol /var/log/maillog Aug 31 12:05:28 moonpoint sendmail[29108]: ruleset=check_relay, arg1=omr-m001e.m x.aol.com, arg2=127.0.0.6, relay=omr-m001e.mx.aol.com [204.29.186.1], reject=550 5.7.1 Spam Block:mail from 204.29.186.1 refused - see http://dnsbl.sorbs.net/ Aug 31 13:56:53 moonpoint sendmail[1971]: ruleset=check_relay, arg1=omr-m009e.mx .aol.com, arg2=127.0.0.6, relay=omr-m009e.mx.aol.com [204.29.186.8], reject=550 5.7.1 Spam Block:mail from 204.29.186.8 refused - see http://dnsbl.sorbs.net/ Aug 31 14:18:11 moonpoint sendmail[2945]: ruleset=check_relay, arg1=omr-m005e.mx .aol.com, arg2=127.0.0.6, relay=omr-m005e.mx.aol.com [204.29.186.5], reject=550 5.7.1 Spam Block:mail from 204.29.186.5 refused - see http://dnsbl.sorbs.net/
Those entries occur due to the following line in /etc/mail/sendmail.mc
which causes sendmail to check connections from other SMTP servers
attempting to deliver email to addresses on the server.
FEATURE(`dnsbl',`dnsbl.sorbs.net',`550 Spam Block: mail from $&{client_addr} refused - see http://dnsbl.sorbs.net/')dnl
I knew that recently Verizon had ceased providing its own email service
to its customers and had transitioned them to AOL email services, instead,
though they retain their @verizon.net email addresses, so the SORBS spam check
by sendmail was finding the
IP address
of the sending AOL SMTP servers on the SORBS blacklist and refusing
email from the above AOL servers, though I did find an entry for an AOL
server at another IP address that was allowed to transmit a message to
a user on the system, because that AOL IP address was not on the SORBS
blocklist nor any other blocklist I use with sendmail. So how can the
problem with SORBS blocking AOL email be resolved? You can have sendmail
whitelist all of the AOL SMTP server IP addresses. AOL provides a list
of the IP address ranges used by its email servers at
AOL Mail Servers
. Based on the information on that page, I added the following lines
to the /etc/mail/access file.
# ------------------------------------------------- # AOL # From https://postmaster.info.aol.com/mail-servers # OUTBOUND RELAYS 204.29.186.0/26 204.29.186.64/27 # ABERRANT OUTBOUND RELAYS 204.29.186.96/27 204.29.186.128/26 # TRANSACTIONAL MAIL 204.29.187.32/27 204.29.187.64/26 # BOUNCES FROM INTERNET MAIL INBOUND TO AOL 204.29.187.128/26 204.29.187.192/27 # FEEDBACK LOOP MAIL 204.29.186.192/26 204.29.187.0/27 # -------------------------------------------------
I then issued the command makemap hash /etc/mail/access
</etc/mail/access, so that sendmail would now whitelist any
email from the IP addresses above, i.e., if a connection was made to sendmail
from another server at one of those IP addresses, no spam check would be
performed.
# makemap hash /etc/mail/access </etc/mail/access makemap: /etc/mail/access: line 93: no RHS for LHS 204.29.186.0/26 makemap: /etc/mail/access: line 94: no RHS for LHS 204.29.186.64/27 makemap: /etc/mail/access: line 98: no RHS for LHS 204.29.186.96/27 makemap: /etc/mail/access: line 99: no RHS for LHS 204.29.186.128/26 makemap: /etc/mail/access: line 103: no RHS for LHS 204.29.187.32/27 makemap: /etc/mail/access: line 104: no RHS for LHS 204.29.187.64/26 makemap: /etc/mail/access: line 108: no RHS for LHS 204.29.187.128/26 makemap: /etc/mail/access: line 109: no RHS for LHS 204.29.187.192/27 makemap: /etc/mail/access: line 113: no RHS for LHS 204.29.186.192/26 makemap: /etc/mail/access: line 114: no RHS for LHS 204.29.187.0/27 #
I then asked the sender to retransmit the email message. After the sender told me he resent the email, I checked the mail queue with the mailq command and saw queued entries for his message.
I had to whitelist Gmail SMTP server addresses a few months ago when I found SORBS Blocking Email from Gmail. Granted, by whitelisting the IP addresses for AOL and Gmail servers, some spam from accounts using those servers may reach users on the server I manage, but the users of the system receive a lot of legitimate email from AOL and Gmail users and I can't have that legitimate email blocked in hopes of blocking all spam coming through an AOL or Gmail server.
Related articles:
