Greylisting...
Glenn Steen
glenn.steen at gmail.com
Mon Sep 25 21:15:14 IST 2006
On 25/09/06, mikea <mikea at mikea.ath.cx> wrote:
> On Mon, Sep 25, 2006 at 07:58:38PM +0200, Gordon Colyn wrote:
> > Please can you give me more info on how to do this?
>
> in response to my post containing
>
> > An additional sendmail ruleset stops SMTP transactions with MTAs that
> > HELO/EHLO as our MX, with this message:
> > "ruleset=check_rcpt, arg1=<recipient_address>,
> > relay=[relay_IPADDR],
> > reject=554 5.7.1 Invalid helo rejected; send mail to
> > abuse at odot.org
> > if rejected in error - are you really 192.149.244.25"
> > which stops even more _and_ gives me nice patterns to watch in my maillog
> > database. But all that's off-topic here, so ask in private mail if you
> > want more info.
>
> For Rob Poe, Gordon Colyn, and everyone else who asked how to do
> rejection on HELO/EHLO string:
>
> http://mikea.ath.cx/areyoureally.html
>
> should give you the pointers you need. It's very brown'n'serve, though
> you will want to set the list of rejected HELO/EHLO strings to your needs
>
> *and*
>
> you will want to tailor the rejection message to your standards.
>
Just a small observation: I see that you (IMO rightly) reject the
domain literal (MX IP address) too... This _technically_ breaks RFC
compliance. (IIRC... Not the best memory in the world, and too lazy to
look it up:-)..
But having said that, I've been happily doing this for quite some time
(with Postfix), and have observed no ill effects. I always found the
whole part, in the RFCs, about domain literals just a tad idiotic:-).
Because of that, I might be remembering that whole passage wrong;-)
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list