[Maybe OT] - RFC compliance checking at session
steve.freegard at fsl.com
Fri Feb 29 16:17:36 GMT 2008
> So what do you guys think? Am I just being particularly awkward on a
> Friday afternoon and should I spend my time re-working our config to
> work around an organisation who is blatantly ignorant of common mail
> server practise, or just tell my user that the sending organisation
> needs to get their act together?
Any anti-spam measures you put in place should have the ability for
specific senders IP/PTR to be whitelisted for cases such as this.
We've been enforcing strict RFC-compliance in HELOs (FQDN or IP-domain
literal; e.g. [ip.ip.ip.ip]) for a long time now. It helps a quite a bit:
214-2.0.0 036 rfc2821-strict-helo=4135 (8.55%)
However - I have had the need to whitelist a handful of hosts in the
past. And if your user wants the message, then why not? It's not going
to force the sender to do anything about their mail server any quicker,
just annoy your user.
There are some 'crazy' SMTP set-ups around, even some big providers
flaunt the RFCs at will.
I recently came across a host that had to be whitelisted through our
greylisting functions (which were set to 10 minutes) because their MTA
retried messages every 20 and 60 seconds and had a hard limit of 10
retries maximum before the message was de-queued and bounced back to the
sender (the RFC states that mail should be queued for up to 5 *days*).
More information about the MailScanner