|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: To all of You who use: reject_non_fqdn_hostname and reject_unknown_hostname
postfix
bitfreak.org
Date: Sat Sep 02 2006 - 02:22:28 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
o2 - Marcin Wasilewski wrote:
> Hello,
>
> I have a question to all of You who use: reject_non_fqdn_hostname and
<...>
> I would like to enable
> reject_non_fqdn_hostname
> reject_unknown_hostname
>
> but I wonder how many false-positives it gives..
DNS in its current form has absolutely zero integrity, so basing a trust
model on it (reject_unknown_hostname and the like) is foolhardy. I do
use reject_non_fqdn_hostname with excellent results: it and
reject_invalid_helo_hostname currently account for 45-60% of the
messages blocked pre-queue and I've yet to get a false positive that
wasn't due to someone not reading the fine MUA setup instructions. You
do have to put in workarounds for the usual broken mail clients;
however, SASL authentication and/or using the submission port makes that
easy.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]