On Sat, 2005-04-02 at 22:21 -0600, Mark A. Lewis wrote: > Stumbled across this while researching the points raised in this thread. > Very good writeup IMO and addresses many of the questions/concerns. > > http://jimsun.LinxNet.com/misc/postfix-anti-UCE.txt > ----- indeed and as you say...those who reject based upon client HELO/EHLO address are non-compliant but in reading the perspective on your link, it states... Q2. Regarding your checks "reject_invalid_hostname," "reject_non_fqdn_hostname" and "check_helo_access": Isn't rejecting on HELO/EHLO not being a valid and FQDN'd hostname a violation of the RFC's? A2. Why yes, yes it is. Doing so is a judgement call. In *my* experience: it stops more spam than it does result in "false positives." And in the few cases where it has resulted in false positives, I've found that a friendly dialog with the offending mail server's owner got it straightened out. Your mileage may vary. Machines outside "mynetworks" should *never* HELO/EHLO as being in our domain. So even if you want to forego "reject_invalid_hostname" and "reject_non_fqdn_hostname," it seems to me perfectly reasonable to still do the "check_helo_access" restriction. I see the logic in the 'judgment call' Craig