Re: spam avoidance (was Re: cpu speed problem)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 11:45 PM +0100 7/30/07, Andy Green wrote:
>Somebody in the thread at some point said:
>> At 11:25 AM +0100 7/30/07, Andy Green wrote:
>>  ...
>>>    - insist on proper Helo FQDN (lot of spam tools and viruses don't
>>> take care of this)
>>  ...
>>
>> Do you require the name to be real, or only in valid form?  That is, do you
>> do a DNS lookup on the name?
>
>All of the above.... (this is from /etc/postfix/main.cf)
>
>smtpd_helo_required = yes
>
>smtpd_helo_restrictions =
>  # our personalized list of accepts and denys based on HELO name
>   check_helo_access hash:/etc/postfix/helo_access,
>  # talk to our local boxes that want to send through us
> permit_mynetworks,
>  # no Reverse DNS gets the boot
> reject_unknown_client,

I think reject_unknown_client refers to rDNS for the connect IP, not the
hello hostname, which would be reject_unknown_hostname.  My milter
disallows relaying from any connect IP that seems "dynamic", such as having
no rDNS at all.

>  # reject bad syntax hostname
> reject_invalid_hostname,
>  # non FQDN gets the boot
> reject_non_fqdn_hostname

I have my milter set up to reject any form of numeric hello, even the
RFC-compliant [xx.xx.xx.xx], and then to reject if the hello has DNS "A"
record.  I don't check for "MX", since AIUI anything with an "MX" record
should have an "A" record, and "MX" records are for receiving email, not
sending it.

>and after that it checks it against the blackhole DNS server and then
>greylisting.

OK, thanks.
-- 
____________________________________________________________________
TonyN.:'                       <mailto:tonynelson@xxxxxxxxxxxxxxxxx>
      '                              <http://www.georgeanelson.com/>


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux