[CentOS] SPAM on the List

Mon Jul 18 04:02:16 UTC 2011
Emmanuel Noobadmin <centos.admin at gmail.com>

On 7/18/11, Always Learning <centos at u6.u22.net> wrote:
> Sorry if I seem thick but I am having problems understanding why, with
> the use of NAT, the HELO/EHLO and their external IP address can not
> match.  Also what influences does scaling have on the ability of sending
> mail servers (MTAs) to operate with host names that match their IP
> addresses ?

I'm trying to make sense of your suggestion and the objections raised,
since I do want to cut down on spam coming into my own server but at
the same time I don't want to cut off legit senders.

So far it seems to me that in for larger corps, this is what the
problem might be.

Say they have 3 different connections for redundancy, one serves
aaa.bbb.ccc.1x, another serve aaa.bbb.ccc.2x and the last .3x

And they have a bunch of services running on various servers, say 10
of them. each with their own hostname e.g. mail1.xyzcorp.com,
mail2.xyzcorp.com

For troubleshooting/tracing purposes, they use different HELO/EHLO
names for the servers and each mail server has their own IP range in
the aaa.bbb.ccc.xx net.

Since they have less outgoing connections than SMTP servers, their
router load balance the outgoing amongst the 3 connections.

So in this case, mail2.xyzcorp.com which HELO with aaa.bbb.ccc.11 may
get sent out via the aaa.bbb.ccc.20 or aaa.bbb.ccc.30 connection and
by your rules get blocked despite being legit.


At least that's how I'm understanding it but I don't admin any site
large enough to know if things are ever set up like that.