From: Phil Howard (phil-postfix-usersipal.net)
Date: Thu May 03 2001 - 03:51:22 CDT


    I have more than that, actually. The whole setting is:

    smtpd_helo_restrictions =
            permit_mynetworks
            reject_invalid_hostname
            reject_non_fqdn_hostname
            reject_unknown_hostname
            permit

    I've been looking over my logs and considering my missing mail.
    It seems I'm losing much more spam than I'm losing legitimate
    mail. So far only 3 domains have problems with legitimate mail
    trying to come in and getting rejected. But at least 15 now are
    places sending some form of spam. Some are direct dialups that
    DUL missed. Most of them seem to be institutional spammers that
    are sending mostly to unknown users, but to some legitimate users.

    The interesting thing is I have had several cases of mail coming
    in to never-existed users, which are apparently cases of someone
    on the net typing a fake email address, or mistyping, and these
    places neither confirm the address, nor reap the list based on
    rejections. Some rejections for non-existent user are getting
    past the checking during SMTP and the reject message going back
    reaches bad/dead mail servers. What reject_unknown_hostname
    seems to be doing is stopping virtually all of this. It seems
    that having a bad HELO command hostname is the first mark of a
    misconfigured network.

    Of the 3 legitimate cases that were being blocked, 1 of them is
    definitely using mail servers behind a NAT and leaving their names
    out of DNS (for security reasons?). I suspect the other 2 have
    the same problem as well. The solution would seem to me to either
    put on the firewall's hostname in HELO, or add their names to the
    DNS pointing to the firewall IP.

    I've seen some messages here in the past regarding some issues of
    "pedantic" checks having problems with "real world" situations,
    but I think I will leave this setting in place because I feel that
    removing it just because some places have misconfigurations would,
    at a minimum, not discourage such misconfigurations, and may even
    have some effect of encouraging it.

    Your thoughts?

    -- 
    -----------------------------------------------------------------
    | Phil Howard - KA9WGN |   Dallas   | http://linuxhomepage.com/ |
    | phil-nospamipal.net | Texas, USA | http://phil.ipal.org/     |
    -----------------------------------------------------------------
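An added illustration, not part of the post above or of Postfix itself: a small Python model of the smtpd_helo_restrictions list quoted in the post, evaluated top to bottom with first match winning, so the NAT'd-server case (valid, fully qualified HELO name that is simply absent from DNS) can be seen landing on reject_unknown_hostname. The DNS map, client addresses and hostnames are constructed; the hostname syntax check is an approximation (address literals are not modelled), and the 501/504/450 codes are the Postfix defaults for the respective reject_*_code parameters.

```python
import ipaddress
import re

# Constructed stand-in for DNS so the example runs offline. Real Postfix does a
# live A/MX lookup for reject_unknown_hostname; a temporary lookup failure is
# modelled as "tempfail". The NAT'd host from the post is deliberately absent.
FAKE_DNS = {"mail.example.net": "found", "relay.example.org": "found",
            "mx.flaky.example": "tempfail"}

# Constructed mynetworks: local host plus one internal subnet.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.168.1.0/24")]

# One hostname label: letters, digits, interior hyphens only.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")

def is_valid_hostname(name):
    """Approximation of reject_invalid_hostname's syntax check."""
    if not name or len(name) > 255:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))

def is_fqdn(name):
    """reject_non_fqdn_hostname: at least one dot, non-numeric top label."""
    labels = name.split(".")
    return len(labels) >= 2 and not labels[-1].isdigit()

def check_helo(client_ip, helo, dns=FAKE_DNS):
    """Walk the post's restriction list in order; the first match decides.
    Returns (action, smtp_code, matching_restriction)."""
    ip = ipaddress.ip_address(client_ip)
    # permit_mynetworks: trusted clients skip every later HELO check
    if any(ip in net for net in MYNETWORKS):
        return ("PERMIT", 250, "permit_mynetworks")
    # reject_invalid_hostname (Postfix default invalid_hostname_reject_code 501)
    if not is_valid_hostname(helo):
        return ("REJECT", 501, "reject_invalid_hostname")
    # reject_non_fqdn_hostname (Postfix default non_fqdn_reject_code 504)
    if not is_fqdn(helo):
        return ("REJECT", 504, "reject_non_fqdn_hostname")
    # reject_unknown_hostname: no A or MX record. Postfix defaults this to 450,
    # so a DNS outage only defers (the sender retries) rather than bouncing.
    status = dns.get(helo.lower(), "notfound")
    if status == "tempfail":
        return ("DEFER", 450, "reject_unknown_hostname (dns temp failure)")
    if status == "notfound":
        return ("REJECT", 450, "reject_unknown_hostname")
    return ("PERMIT", 250, "permit")  # the trailing "permit" in the post
```

Running check_helo over a NAT'd server that says HELO nat-box.corp.example from outside mynetworks yields the 450 reject_unknown_hostname result the post describes, while the same name added to DNS passes through to the final permit.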