[CentOS] Re: postfix tightening
Craig White
craigwhite at azapple.com
Sun Apr 3 05:50:14 UTC 2005
On Sat, 2005-04-02 at 22:21 -0600, Mark A. Lewis wrote:
> Stumbled across this while researching the points raised in this thread.
> Very good writeup IMO and addresses many of the questions/concerns.
>
> http://jimsun.LinxNet.com/misc/postfix-anti-UCE.txt
>
-----
indeed and as you say...those who reject based upon client HELO/EHLO
address are non-compliant but in reading the perspective on your link,
it states...
Q2. Regarding your checks "reject_invalid_hostname,"
"reject_non_fqdn_hostname" and "check_helo_access": Isn't rejecting
on HELO/EHLO not being a valid and FQDN'd hostname a violation of
the RFC's?
A2. Why yes, yes it is. Doing so is a judgement call. In *my*
experience: it stops more spam than it does result in "false
positives." And in the few cases where it has resulted in false
positives, I've found that a friendly dialog with the offending
mail server's owner got it straightened out. Your mileage may
vary.
Machines outside "mynetworks" should *never* HELO/EHLO as being in
our domain. So even if you want to forego
"reject_invalid_hostname" and "reject_non_fqdn_hostname," it seems
to me perfectly reasonable to still do the "check_helo_access"
restriction.
I see the logic in the 'judgment call'
Craig
More information about the CentOS
mailing list