Bernd Wurst <[email protected]> writes: > Am Mittwoch 03 März 2010 22:28:04 schrieb Nathan Eady: >> * HELO names that don't share at least the top couple of >> levels with the actual FQDN are blocked (so, for instance, >> if the HELO name is hotmail.com, it would match if the >> sending host's PTR record says out2.mail.hotmail.com >> but not if it says cpe-24-210-138-71.woh.res.rr.com. > > This must be modified: > > If the HELO name resolves to the connected IP-address, tis check > must be omitted.
I can live with that. (Arguably, the wording above could even be taken to imply that, since a full match is "at least" as good as a partial match.) > Not every server admin has access to the reverse lookup of his IP > address. Presumably, the mail admin *does* have control over the HELO name, so he *could* make it match. But yeah, in the real world they don't all precisely match, which is kind of the point. Like I said, the goal is to have some checks available that are more lenient than the current BOFHCHECKHELO, which is fairly strict. Some of the checks are more lenient than others, hence the proposal to let some of them be turned on but not others, depending on how much time a given mail admin wants to spend maintaining a whitelist, and whether rejected mail is perceived as a worse outcome than mail that the users deleted by mistake because it was mixed with a pile of spam. The exact balance is bound to vary from one deployment to another. -- Nathan Eady Galion Public Library ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
