Re: postfix tightening

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sat, 2005-04-02 at 22:21 -0600, Mark A. Lewis wrote:
> Stumbled across this while researching the points raised in this thread.
> Very good writeup IMO and addresses many of the questions/concerns.
> 
> http://jimsun.LinxNet.com/misc/postfix-anti-UCE.txt 
> 
-----
indeed and as you say...those who reject based upon client HELO/EHLO
address are non-compliant but in reading the perspective on your link,
it states...

 Q2. Regarding your checks "reject_invalid_hostname,"
     "reject_non_fqdn_hostname" and "check_helo_access": Isn't rejecting
     on HELO/EHLO not being a valid and FQDN'd hostname a violation of
     the RFC's?

 A2. Why yes, yes it is.  Doing so is a judgement call.  In *my*
     experience: it stops more spam than it does result in "false
     positives."  And in the few cases where it has resulted in false
     positives, I've found that a friendly dialog with the offending
     mail server's owner got it straightened out.  Your mileage may
     vary.

     Machines outside "mynetworks" should *never* HELO/EHLO as being in
     our domain.  So even if you want to forego
     "reject_invalid_hostname" and "reject_non_fqdn_hostname," it seems
     to me perfectly reasonable to still do the "check_helo_access"
     restriction.

I see the logic in the 'judgment call'

Craig


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux