[Dshield] Anyone familier with Lyris MailShield?

Tony Earnshaw tonni at hetnet.nl
Fri Jan 4 22:25:59 GMT 2008 

Brenden Walker skrev, on 04-01-2008 20:32:

> I hope this is an okay list to post this to, it's kinda related?  Feel
> free to kick it back moderator ;-)

I'm not a moderator; I'm a bread and butter Postfix mailadmin.

> One of the features of our product mails alerts out to customers (email,
> phones, etc).  I just recently encountered an inability to mail to
> Verizon cell phones (in this case through sbcglobal, the customers ISP).
> The weird thing (I thought) was the error:
> 
> 550 SMTP connection refused
> 
> This is after the message body is sent, so the connection really wasn't
> refused.  A bit misleading.
> 
> I telneted into the Verizon mail server and tested mail sending
> manually.  Turns out that if I have "X-MSMail-Priority: Normal" in the
> headers, it'll give me that message. It will also fail if I put in
> "X-Mailer: DSI_Thread_SMTPClient".  Both after ending the DATA command.
> 
> Easy enough to drop the MSMail-Priority (I never wanted to use it, but
> customers did).  I thought we were being good mail clients by including
> a distinctive X-Mailer line.

Why? it's not part of rfc2822 which dictates how messages should be 
formatted.

> The question I have is should we just drop
> X-Mailer entirely?

Don't know what it is or what it does. My sites have never needed it or 
used it and have got on well enough with the other Internet MTAs for years.

> Is there a blacklist somewhere that may contain out
> X-Mailer line?

Possibly it's somebody's idea of a heuristic that goes toward typifying 
spam?

> I just tried it with a somewhat random X-Mailer: and it
> failed on that as well

Well there you go.

> perhaps MailShield only accepts known mailer
> lines?

I don't know what MailShield is, etc.

> Hopefully someone knows more about this than I do.  I'm sure I'll at
> least get some good input on whether to use X-Mailer or not. 

As I wrote, my (Postfix and Exim) sites have got on perfectly well 
without it for years - I don't know why "I should be using it". Said 
sites send out zero spam (I'd be ready to sacrifice my butt). No one 
gets to send from my sites without first SASL authenticating over TLS 
and is then locked into their login ID, can never send as anyone else, 
each outgoing message contains the SASL authenticated user's name. 
Production sites send all messages digitally signed by DKIM (this one, 
my home site, doesn't). All outgoing mail is scanned for virus using 
ClamAV, BitDefender and Sophos AV, as well as for non-permitted 
attachments. Each outgoing message contains a priority header.

My incoming mail is virus and spam-scanned after priorly going through 
many anti-UCE checks; we get a minimum of tagged spam coming in (the 
system can be trained by each user) and almost 100% guaranteed no 
email-transported virus or trojans.

IOW I work hard at being an effective and conscientious mailadmin, 
obeying the many rfc rules and without resorting to black magic I know 
nothing about. Verizon accepts all we send it.

Best,

--Tonni

-- 
Tony Earnshaw
Email: tonni at hetnet dot nl

More information about the list mailing list