On Sat, 2005-04-02 at 22:21 -0600, Mark A. Lewis wrote:
Stumbled across this while researching the points raised in this thread. Very good writeup IMO and addresses many of the questions/concerns.
http://jimsun.LinxNet.com/misc/postfix-anti-UCE.txt
-----
Indeed, and as you say... those who reject based upon client HELO/EHLO address are non-compliant, but in reading the perspective on your link, it states...
Q2. Regarding your checks "reject_invalid_hostname," "reject_non_fqdn_hostname" and "check_helo_access": Isn't rejecting on HELO/EHLO not being a valid and FQDN'd hostname a violation of the RFC's?
A2. Why yes, yes it is. Doing so is a judgement call. In *my* experience: it stops more spam than it does result in "false positives." And in the few cases where it has resulted in false positives, I've found that a friendly dialog with the offending mail server's owner got it straightened out. Your mileage may vary.
Machines outside "mynetworks" should *never* HELO/EHLO as being in our domain. So even if you want to forego "reject_invalid_hostname" and "reject_non_fqdn_hostname," it seems to me perfectly reasonable to still do the "check_helo_access" restriction.
I see the logic in the 'judgment call'.
Craig
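
A simplified model of the three HELO checks quoted above, added here as an example; it is not from the thread or the linked writeup, and it is not Postfix's own parser. The network 192.0.2.0/24, the domain example.com, the order of the checks and the sample clients are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed site values for illustration; not taken from the thread.
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
OUR_DOMAIN = "example.com"
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def is_address_literal(helo):
    """True for bracketed IP literals such as [203.0.113.7]."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return False
    body = helo[1:-1]
    if body.lower().startswith("ipv6:"):
        body = body[5:]
    try:
        ipaddress.ip_address(body)
        return True
    except ValueError:
        return False

def valid_syntax(helo):
    """Rough stand-in for the test behind reject_invalid_hostname."""
    if is_address_literal(helo):
        return True
    labels = helo.rstrip(".").split(".")
    return len(helo) <= 255 and all(LABEL.match(l) for l in labels)

def is_fqdn(helo):
    """Rough stand-in for the test behind reject_non_fqdn_hostname."""
    return is_address_literal(helo) or "." in helo.rstrip(".")

def in_our_domain(helo):
    """What a check_helo_access table listing OUR_DOMAIN would match."""
    name = helo.rstrip(".").lower()
    return name == OUR_DOMAIN or name.endswith("." + OUR_DOMAIN)

def helo_decision(client_ip, helo, strict=True):
    """Return (action, rule). strict=False keeps only check_helo_access."""
    if any(ipaddress.ip_address(client_ip) in n for n in MYNETWORKS):
        return ("permit", "permit_mynetworks")
    if strict and not valid_syntax(helo):
        return ("reject", "reject_invalid_hostname")
    if strict and not is_fqdn(helo):
        return ("reject", "reject_non_fqdn_hostname")
    if in_our_domain(helo):
        return ("reject", "check_helo_access")
    return ("permit", "no match")
```

With `strict=False` a sloppy but legitimate client that says `HELO localhost` gets through, while an outside host claiming a name in our own domain is still rejected, which is the distinction A2 draws.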