At 7:12 AM +0100 7/31/07, Andy Green wrote: >Somebody in the thread at some point said: > >> I think reject_unknown_client refers to rDNS for the connect IP, not the >> hello hostname, which would be reject_unknown_hostname. My milter >> disallows relaying from any connect IP that seems "dynamic", such as having >> no rDNS at all. > >You're quite right. Now there aren't too many direct spams I quite like >looking at the headers of the successful ones anyway, I'll do a host on >the HELO fqdn by hand for a while and see if it would be worth the risk >of unwanted rejects by adding reject_unknown_hostname. > >>> # reject bad syntax hostname >>> reject_invalid_hostname, >>> # non FQDN gets the boot >>> reject_non_fqdn_hostname >> >> I have my milter set up to reject any form of numeric hello, even the >> RFC-compliant [xx.xx.xx.xx], and then to reject if the hello has DNS "A" >> record. I don't check for "MX", since AIUI anything with an "MX" record >> should have an "A" record, and "MX" records are for receiving email, not >> sending it. > >Do you mean "reject if the hello *doesn't* have a DNA A record"? Opps, yes. >Thanks for the precision on the host and HELO reject_unknown_* Welcome. -- ____________________________________________________________________ TonyN.:' <mailto:tonynelson@xxxxxxxxxxxxxxxxx> ' <http://www.georgeanelson.com/>
