On 7/18/11, Always Learning <centos@xxxxxxxxxx> wrote:
> Sorry if I seem thick but I am having problems understanding why, with
> the use of NAT, the HELO/EHLO and their external IP address can not
> match. Also what influences does scaling have on the ability of sending
> mail servers (MTAs) to operate with host names that match their IP
> addresses ?
I'm trying to make sense of your suggestion and the objections raised,
since I do want to cut down on spam coming into my own server but at
the same time I don't want to cut off legit senders.
So far it seems to me that in for larger corps, this is what the
problem might be.
Say they have 3 different connections for redundancy, one serves
aaa.bbb.ccc.1x, another serve aaa.bbb.ccc.2x and the last .3x
And they have a bunch of services running on various servers, say 10
of them. each with their own hostname e.g. mail1.xyzcorp.com,
mail2.xyzcorp.com
For troubleshooting/tracing purposes, they use different HELO/EHLO
names for the servers and each mail server has their own IP range in
the aaa.bbb.ccc.xx net.
Since they have less outgoing connections than SMTP servers, their
router load balance the outgoing amongst the 3 connections.
So in this case, mail2.xyzcorp.com which HELO with aaa.bbb.ccc.11 may
get sent out via the aaa.bbb.ccc.20 or aaa.bbb.ccc.30 connection and
by your rules get blocked despite being legit.
At least that's how I'm understanding it but I don't admin any site
large enough to know if things are ever set up like that.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
