Slightly OT: Postfix smtpd restrictions
Jethro R Binks
jethro.binks at strath.ac.uk
Mon Jun 28 22:26:01 IST 2010
On Fri, 25 Jun 2010, Drew Marshall wrote:
> For example, BT won't let anyone change their PTR, so EHLO/ HELO is
> always going to be a mismatch for these.
So fix the problem the other way around: change the HELO name to use the
PTR name. Might be trickier if the sending IP is dynamic and so the PTR
is different. Might also be trickier in a natted environment where
internal sending box doesn't know the external PTR. But in either case
you should probably use the ISP mail relay because you probably aren't
paying for a suitable business-class service to run a mail server from.
> Most people running Exchange 'naked' to the Internet end up having a
> EHLO as <name>.local or some such other non existent TLD so that ends up
> not matching either and so it goes on.
That's purely a configuration issue of the send connector, for the last
few versions of Exchange I think. Fixable.
> As ever YMMV but for me, I found other ways to combat spam coming from
> these sorts of connections such as RBLs etc.
That's true enough; rejecting on mismatch between HELO and PTR can be a
dangerous business (you might be better off using a mismatch as a scoring
criteria for SpamAssassin). However, many of those mismatches are
trivially fixable by the sending sites, should they be encouraged to do so
to better guarantee the chances of their mail getting through, and so
ultimately increase the value of checks for HELO matching PTR.
That's not to say that some spambots don't make efforts to make their HELO
names match the PTRs of their IP; but while checks on mismatch are
perceived to be worthless because of the above perceived problems, there
isn't much incentive for spambots to be much cleverer. That will change,
as more receiving servers demand more strictness of their sending peer.
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
More information about the MailScanner