Because of relentless SPAM delivery attempts I decided to implement BOFHCHECKHELO in smtpaccess/default:

# Demand valid DNS record for HELO/EHLO greeting
* allow,BOFHCHECKHELO=1

For the most part it's worked very well for me, with the occasional need for exceptions for brain-damaged sites; e.g.

# Pure Live Gigs uses a stupid ISP with a HELO of "myserver01.myexample.com"
74.52.214.250 allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0
# Pop Justice too - "localhost.localdomain", duh.
78.129.146.203 allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0

But I have a big problem with Yahoo!. Some friends and relatives with Yahoo! e-mail addresses have had instances of e-mailing me only to have their mails rejected. So I took a look. Turns out I'm often getting BOFHCHECKHELO rejections for Yahoo! SMTP servers that submit a valid HELO from an IP that maps back to the correct HELO name via PTR and they have a valid A record, yet they still get rejected by Courier:

syslog.7:Dec 25 20:18:11 isolar courieresmtpd: [ID 702911 mail.error] error,relay=::ffff:98.139.91.216,from=<[relative@relative's address]>: 517 HELO nm19-vm0.bullet.mail.sp2.yahoo.com does not exist.
syslog.3:Jan 21 05:59:53 isolar courieresmtpd: [ID 702911 mail.error] error,relay=::ffff:209.191.126.210,from=<flickr.mzwgsy3loiwtcmrzgu3dcobtha2a-earle=isolar.dyndns....@returns.bulk.yahoo.com>: 517 HELO n4.bullet.mud.yahoo.com does not exist.
syslog.3:Jan 21 15:49:59 isolar courieresmtpd: [ID 702911 mail.error] error,relay=::ffff:98.138.91.58,from=<[friend@friend's address]>: 517 HELO nm17-vm0.bullet.mail.ne1.yahoo.com does not exist.
syslog.2:Jan 24 07:25:26 isolar courieresmtpd: [ID 702911 mail.error] error,relay=::ffff:111.67.240.244,from=<[friend@friend's address>: 517 HELO nm2-vm0.bullet.mail.kr3.yahoo.com does not exist.
syslog.1:Jan 31 07:09:02 isolar courieresmtpd: [ID 702911 mail.error] error,relay=::ffff:98.139.91.93,from=<[relative@relative's address]>: 517 HELO nm23.bullet.mail.sp2.yahoo.com does not exist.
syslog.1:Feb 4 12:23:27 isolar courieresmtpd: [ID 702911 mail.error] error,relay=::ffff:98.138.91.55,from=<[relative@relative's address]>: 517 HELO nm3-vm0.bullet.mail.ne1.yahoo.com does not exist.
syslog:Feb 16 16:15:20 isolar courieresmtpd: [ID 702911 mail.error] error,relay=::ffff:98.138.91.23,from=<[email protected]>: 517 HELO nm8-vm0.bullet.mail.ne1.yahoo.com does not exist.

I don't really understand why, because sometimes they get through just fine:

Feb 17 14:44:37 isolar courieresmtpd: [ID 702911 mail.info] started,ip=[::ffff:98.138.91.70]
Feb 17 14:44:37 isolar courierd: [ID 702911 mail.info] newmsg,id=000C7D57.4D5DA4D5.000060CA: dns; nm15-vm0.bullet.mail.ne1.yahoo.com ([::ffff:98.138.91.70])

There's more (including some SPAM) but you get the idea. After seeing the bounce on Jan. 31st I added an exception entry to try and let anything through from that subnet:

isolar:1:64 [/opt/courier/etc/smtpaccess] # ls -l default
-rw-r--r-- 1 daemon 5775 Jan 31 10:07 default
isolar:1:65 [/opt/courier/etc/smtpaccess] # grep 98.138.91 default
98.138.91 allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0

Yet as you can see from the Feb. 4th entry, another one got bounced despite my exception. couriertcpd(1) implies that subnet specifiers work in an "allow", and I double-checked to make sure the whitespace is a <tab>.

Anything obvious I'm overlooking?

Thanks,

- Greg

_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
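
A triage script for the "517 HELO ... does not exist" rejections quoted in the message above, added here as an example and not part of the original post or of Courier. It groups rejected relays by /24 and flags any that fall under a prefix listed in smtpaccess/default; it assumes an entry covers addresses on whole-octet boundaries, and the sender addresses in the sample lines are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the post; relay IPs and HELO
# names come from the post, sender addresses are placeholders.
SAMPLE_LOG = """\
syslog.1:Jan 31 07:09:02 isolar courieresmtpd: [ID 702911 mail.error] error,relay=::ffff:98.139.91.93,from=<user@example.invalid>: 517 HELO nm23.bullet.mail.sp2.yahoo.com does not exist.
syslog.1:Feb  4 12:23:27 isolar courieresmtpd: [ID 702911 mail.error] error,relay=::ffff:98.138.91.55,from=<user@example.invalid>: 517 HELO nm3-vm0.bullet.mail.ne1.yahoo.com does not exist.
Feb 17 14:44:37 isolar courieresmtpd: [ID 702911 mail.info] started,ip=[::ffff:98.138.91.70]
"""

# Exemption entries (BOFHCHECKHELO=0) as they appear in the post.
EXEMPT = ["74.52.214.250", "78.129.146.203", "98.138.91"]

REJECT_RE = re.compile(
    r"(?P<when>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ courieresmtpd: .*?"
    r"error,relay=(?P<relay>[0-9a-fA-F:.]+),from=<.*>: "
    r"517 HELO (?P<helo>\S+) does not exist")

def ipv4_of(relay):
    """Drop the IPv4-mapped IPv6 prefix seen in the relay= field."""
    return relay[7:] if relay.lower().startswith("::ffff:") else relay

def covered_by(ip, prefix):
    """Assumption: an entry matches an exact IP or a whole-octet prefix."""
    return ip == prefix or ip.startswith(prefix.rstrip(".") + ".")

def helo_rejections(log_text):
    """Yield (timestamp, IPv4 relay, HELO name) for each 517 HELO rejection."""
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            yield m["when"], ipv4_of(m["relay"]), m["helo"]

def triage(log_text, exempt=EXEMPT):
    """Group rejections by /24; record which exemption entry, if any, applies."""
    report = defaultdict(list)
    for when, ip, helo in helo_rejections(log_text):
        hit = next((p for p in exempt if covered_by(ip, p)), None)
        report[ip.rsplit(".", 1)[0]].append((when, ip, helo, hit))
    return dict(report)

if __name__ == "__main__":
    for net, rows in sorted(triage(SAMPLE_LOG).items()):
        for when, ip, helo, hit in rows:
            note = f"REJECTED DESPITE ENTRY {hit}" if hit else "no exemption"
            print(f"{net}.0/24  {when}  {ip}  {helo}  {note}")
```

A row flagged as rejected despite an entry identifies a connection for which the listed exemption was not in effect; the script does not determine why.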
