SENDEr-ACCESS exceptions

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

SENDEr-ACCESS exceptions

James B. Byrne
The constantcontact.com domain was added to our sender_access file:

constantcontact.com                                               REJECT
.constantcontact.com                                              REJECT

I must have done this but at some distant time in the past as I have
no recollection of doing so.

The situation is that now one of the professional organisations our
firm belongs to sends its newsletter via constantcontact.com.  I can
of course simply remove constantcontact.com from the block list.
However, given that it is one of only two such entries I must have had
considerable provocation to add it to begin with.

My researches into the reputation of constantcontact.com does not
inspire confidence and tends to support the original decision.
However, i may be compelled to allow their servers to connect to
deliver this particular organisation's monthly newsletter.

At the moment this is what happens:

This is what we see in our logs respecting constantcontact.com

smtpd[14594]: NOQUEUE: reject: RCPT from
ccm168.constantcontact.com[208.75.123.168]: 554 5.7.1
<AMUVf+m56QtmyuiScINpnzw==_1115946392118_8o8akGcxEeOfSdSuUpLCrA==@in.constantcontact.com>:

Sender address rejected: Access denied;
from=<AMUVf+m56QtmyuiScINpnzw==_1115946392118_8o8akGcxEeOfSdSuUpLCrA==@in.constantcontact.com>

to=<[hidden email]> proto=ESMTP

helo=<ccm168.constantcontact.com>


This indicates that we obtain a recipient address from the connection
before it is rejected.  Is their a method available to me to permit
one recipient address for this sender and block all the rest?  Is
there a better way to block all traffic from constantcontact.com
except for a specific recipent?


--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:[hidden email]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

Reply | Threaded
Open this post in threaded view
|

Re: SENDEr-ACCESS exceptions

Viktor Dukhovni


> On Jan 2, 2018, at 12:19 PM, James B. Byrne <[hidden email]> wrote:
>
> The constantcontact.com domain was added to our sender_access file:
>
> constantcontact.com                                               REJECT
> .constantcontact.com                                              REJECT

They are a largely legitimate bulk mailer that offers their services
to business customers.  They aren't always able to weed out customers
with dirty contact lists preëmptively.  So some of their traffic is
spam, but IIRC they drop and/or reeducate spamming customers.  YMMV.

I'd remove the rule and watch for unwanted traffic.  Report any abuse
you find to constantcontact, and see whether their response is adequate.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: SENDEr-ACCESS exceptions

@lbutlr
In reply to this post by James B. Byrne
On 2 Jan 2018, at 10:19, James B. Byrne [hidden email]> wrote:
> My researches into the reputation of constantcontact.com does not
> inspire confidence and tends to support the original decision.

Yep, they are spammer scum, one of those companies were (can't say un) subscribing is certain to get you added to many more spam lists and any complaints to them are ignored.

I would tell the organization the company they are dealing with is a hive of spammers and they should look for a different provider as many mail servers will reject they mail.

But, if you want to receive the mail for a specific user you just need to check for the user earlier in the smtpd_recipient_restrictions, right?

check_recipient_access hash:$config_directory/recipient_access
check_sender_access pcre:$config_directory/sender_access.pcre,



--
Han : This is not going to work. Luke: Why didn't you say so before?
Han : I did say so before!