Slightly OT: Postfix smtpd restrictions

Alex Broens ms-list at alexb.ch
Fri Jun 25 10:27:14 IST 2010


On 2010-06-25 11:06, Jason Ede wrote:
> I was thinking of sticking with just the
> unknown_reverse_client_hostname rather than the stricter one. As far
> as I can gather from the docs only if the IP doesn't resolve to a
> hostname will the email be rejected.

iirc, this wil only generate a 450, as temporarily unresolvalble (as 
when your DNS has hickup)

bots may not come back, but misconfigured legit servers (mostly Exchange 
  boxes)  will hammer you with connections, possibly for days, and will 
probably cause support cases.


> 
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Drew
> Marshall Sent: 25 June 2010 09:02 To: MailScanner discussion Subject:
> Re: Slightly OT: Postfix smtpd restrictions
> 
> 
> On 24 Jun 2010, at 12:57, Jason Ede wrote:
> 
> 
> This is purely MTA based, but since a lot of users here run
> postfix...
> 
> How have others found reject_unknown_reverse_client_hostname and the
> more harsh reject_unknown_client_hostname  in postfix? I'm debating
> implementing them here and wonder if others have found them
> problematic or useful? I thinking they should be good for weeding out
> spam emails and I can't see that they should catch legitimate
> senders, but want to be sure
> 
> I have to be honest, I ran this for a short while in warn mode and
> found that the number of people with mis-configured PTR records is
> huge (In the UK).. For example, BT won't let anyone change their PTR,
> so EHLO/ HELO is always going to be a mismatch for these. Most people
> running Exchange 'naked' to the Internet end up having a EHLO as
> <name>.local or some such other non existent TLD so that ends up not
> matching either and so it goes on.
> 
> As ever YMMV but for me, I found other ways to combat spam coming
> from these sorts of connections such as RBLs etc.
> 
> Drew
> 
> -- In line with our policy, this message has been scanned for viruses
> and dangerous content. Our email policy can be found at
> www.trunknetworks.com/policy<http://www.trunknetworks.com/policy>
> 
> Trunk Networks Limited is registered in Scotland with registration
> number: SC351063 Registered Office 55-57 West High Street Inverurie
> AB51 3QQ
> 


More information about the MailScanner mailing list