Re: Update: Postfix blacklist by MX or NS host

From: Alexander Skwar (listenalexander.skwar.name)
Date: Fri Sep 19 2003 - 13:12:57 CDT


Wietse Venema wrote:

> You DO have problems reading.

Well, if you want to put it that way...

> The check_helo_mx_access restriction DOES NOT apply to the host/domain
> given in HELO.
>
> The check_helo_mx_access restriction applies to THE MX HOSTS of
> the host/domain given in HELO.

I don't understand this.

"It applies to the mx hosts of the host given in HELO". Hmm... When I
write this:

HELO this-is-verisign.com

Then the host given in HELO is "this-is-verisign.com", correct? Just
like any Verisign wildcard domain, this doesn't have an MX record:

# dig this-is-verisign.com mx

; <<>> DiG 9.2.2 <<>> this-is-verisign.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20508
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;this-is-verisign.com. IN MX

;; AUTHORITY SECTION:
com. 10795 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 2003091900 1800 900 604800 86400

;; Query time: 39 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 19 20:13:07 2003
;; MSG SIZE rcvd: 111

I thought that this check would REJECT mails from non-existent domains
which resolve to the Verisign wildcard domain. Is this not what this
check is supposed to do? In which cases would the restriction apply?
Could you please give an example?

Alexander Skwar
--
-> Do not CC me on replies - I read the lists in which I write! <-