At 11:45 PM +0100 7/30/07, Andy Green wrote:
>Somebody in the thread at some point said:
>> At 11:25 AM +0100 7/30/07, Andy Green wrote:
>> ...
>>> - insist on proper Helo FQDN (lot of spam tools and viruses don't
>>> take care of this)
>> ...
>>
>> Do you require the name to be real, or only in valid form? That is, do you
>> do a DNS lookup on the name?
>
>All of the above.... (this is from /etc/postfix/main.cf)
>
>smtpd_helo_required = yes
>
>smtpd_helo_restrictions =
>  # our personalized list of accepts and denys based on HELO name
>  check_helo_access hash:/etc/postfix/helo_access,
>  # talk to our local boxes that want to send through us
>  permit_mynetworks,
>  # no Reverse DNS gets the boot
>  reject_unknown_client,

I think reject_unknown_client refers to rDNS for the connect IP, not the
hello hostname, which would be reject_unknown_hostname. My milter disallows
relaying from any connect IP that seems "dynamic", such as having no rDNS
at all.

>  # reject bad syntax hostname
>  reject_invalid_hostname,
>  # non FQDN gets the boot
>  reject_non_fqdn_hostname

I have my milter set up to reject any form of numeric hello, even the
RFC-compliant [xx.xx.xx.xx], and then to reject if the hello has DNS "A"
record. I don't check for "MX", since AIUI anything with an "MX" record
should have an "A" record, and "MX" records are for receiving email, not
sending it.

>and after that it checks it against the blackhole DNS server and then
>greylisting.

OK, thanks.
--
____________________________________________________________________
TonyN.:' <mailto:tonynelson@xxxxxxxxxxxxxxxxx>
       ' <http://www.georgeanelson.com/>
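Added example, not part of the original message or of either poster's setup: a Python sketch of the HELO-name checks discussed in this thread (numeric HELO, bad syntax, non-FQDN, name that does not resolve), kept separate from the client-IP rDNS check that reject_unknown_client performs. The function name `check_helo`, the `resolves` hook, the reason strings and the sample names are hypothetical, and the mapping to Postfix restriction names in the comments is an approximation, not Postfix's own logic.

```python
import ipaddress
import re

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def check_helo(helo, resolves=None):
    """Return (verdict, reason) for a HELO/EHLO argument.

    `resolves` is a hypothetical hook: callable(name) -> bool standing in
    for the DNS A/MX lookup. When None, only syntax is checked.
    """
    name = helo.strip()
    if not name:
        return ("reject", "empty")
    # Address literal, e.g. [192.0.2.1]: RFC-valid, but refused by the
    # stricter "no numeric hello" policy described in the thread.
    if name.startswith("[") and name.endswith("]"):
        return ("reject", "address-literal")
    try:
        ipaddress.ip_address(name)  # bare IP without brackets
        return ("reject", "bare-ip")
    except ValueError:
        pass
    host = name[:-1] if name.endswith(".") else name  # allow one root dot
    labels = host.split(".")
    # Comparable to reject_invalid_hostname: malformed label or numeric TLD.
    if (len(host) > 253 or labels[-1].isdigit()
            or not all(_LABEL.fullmatch(label) for label in labels)):
        return ("reject", "invalid-syntax")
    # Comparable to reject_non_fqdn_hostname: a single label is not an FQDN.
    if len(labels) < 2:
        return ("reject", "non-fqdn")
    # Comparable to reject_unknown_hostname: the HELO name must resolve.
    if resolves is not None and not resolves(host):
        return ("reject", "unknown-hostname")
    return ("accept", "ok")


# Constructed sample data: a fake "zone" instead of live DNS.
KNOWN = {"mail.example.com"}
SAMPLES = ["mail.example.com", "localhost", "[192.0.2.1]", "192.0.2.1",
           "bad_name.example.com", "ghost.example.net"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, check_helo(sample, KNOWN.__contains__))
```
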