Re: spam avoidance (was Re: cpu speed problem)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 11:45 PM +0100 7/30/07, Andy Green wrote:
>Somebody in the thread at some point said:
>> At 11:25 AM +0100 7/30/07, Andy Green wrote:
>>  ...
>>>    - insist on proper Helo FQDN (lot of spam tools and viruses don't
>>> take care of this)
>>  ...
>>
>> Do you require the name to be real, or only in valid form?  That is, do you
>> do a DNS lookup on the name?
>
>All of the above.... (this is from /etc/postfix/main.cf)
>
>smtpd_helo_required = yes
>
>smtpd_helo_restrictions =
>  # our personalized list of accepts and denys based on HELO name
>   check_helo_access hash:/etc/postfix/helo_access,
>  # talk to our local boxes that want to send through us
> permit_mynetworks,
>  # no Reverse DNS gets the boot
> reject_unknown_client,

I think reject_unknown_client refers to rDNS for the connect IP, not the
hello hostname, which would be reject_unknown_hostname.  My milter
disallows relaying from any connect IP that seems "dynamic", such as having
no rDNS at all.

>  # reject bad syntax hostname
> reject_invalid_hostname,
>  # non FQDN gets the boot
> reject_non_fqdn_hostname

I have my milter set up to reject any form of numeric hello, even the
RFC-compliant [xx.xx.xx.xx], and then to reject if the hello has DNS "A"
record.  I don't check for "MX", since AIUI anything with an "MX" record
should have an "A" record, and "MX" records are for receiving email, not
sending it.

>and after that it checks it against the blackhole DNS server and then
>greylisting.

OK, thanks.
-- 
____________________________________________________________________
TonyN.:'                       <mailto:tonynelson@xxxxxxxxxxxxxxxxx>
      '                              <http://www.georgeanelson.com/>

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux