spam avoidance (was Re: cpu speed problem)
Tony Nelson
tonynelson at georgeanelson.com
Tue Jul 31 00:39:54 UTC 2007
At 11:45 PM +0100 7/30/07, Andy Green wrote:
>Somebody in the thread at some point said:
>> At 11:25 AM +0100 7/30/07, Andy Green wrote:
>> ...
>>> - insist on proper Helo FQDN (lot of spam tools and viruses don't
>>> take care of this)
>> ...
>>
>> Do you require the name to be real, or only in valid form? That is, do you
>> do a DNS lookup on the name?
>
>All of the above.... (this is from /etc/postfix/main.cf)
>
>smtpd_helo_required = yes
>
>smtpd_helo_restrictions =
> # our personalized list of accepts and denys based on HELO name
> check_helo_access hash:/etc/postfix/helo_access,
> # talk to our local boxes that want to send through us
> permit_mynetworks,
> # no Reverse DNS gets the boot
> reject_unknown_client,
I think reject_unknown_client refers to rDNS for the connect IP, not the
hello hostname, which would be reject_unknown_hostname. My milter
disallows relaying from any connect IP that seems "dynamic", such as having
no rDNS at all.
> # reject bad syntax hostname
> reject_invalid_hostname,
> # non FQDN gets the boot
> reject_non_fqdn_hostname
I have my milter set up to reject any form of numeric hello, even the
RFC-compliant [xx.xx.xx.xx], and then to reject if the hello has DNS "A"
record. I don't check for "MX", since AIUI anything with an "MX" record
should have an "A" record, and "MX" records are for receiving email, not
sending it.
>and after that it checks it against the blackhole DNS server and then
>greylisting.
OK, thanks.
--
____________________________________________________________________
TonyN.:' <mailto:tonynelson at georgeanelson.com>
' <http://www.georgeanelson.com/>
More information about the users
mailing list