Hi Len:
When I entered the code below into my main.cf file and added the new file
helo_hostnames_bw.regexp, and later I did a postmap *.map (because I made a
change to the transport file), it gave me this error.... what did I do
wrong... any idea.... this happened after I added that new code....
line 63: missing '=' after attribute name: "warn_if_reject pcre:/etc/postfix/helo_hostnames_bw.regexp,
Thanks..... did I type something wrong or what?
Sheldon
----- Original Message -----
From: "Len Conrad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 26, 2003 11:08 PM
Subject: [IMGate] an ip as helo hostname
>
> A lot of spammers and some messed-up legit servers send your MX's IP as
> their HELO hostname, or send their own or some other IP as HELO hostname.
>
> I suggest you look at the situation on your box with this as your last
> restriction (always do this to see what gets past all your other filters):
>
> smtpd_recipient_restrictions =
>     .
>     .
>     .
>     warn_if_reject pcre:/etc/postfix/helo_hostnames_bw.regexp,
>     permit
>
> and helo_hostnames_bw.regexp contains just one line:
>
> /[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ 554 ACL helo_hostnames_regexp
>
> The regex for a dotted quad label is digits 0-9, in a group of 1 to 3
> digits, in 4 groups, separated by "."
>
> That will catch any dotted quad IP in helo hostname, either naked or
> embedded in other text, such as when spammers send a subscriber-network PTR
> hostname as helo hostname.
>
> If you want to block only naked IPs, use the BOL and/or EOL anchors:
>
> /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/ 554 ACL helo_hostnames_regexp
>
> This is an extension of Bill Landry's and my suggestion last week, which
> was for blocking helo containing your MX's own IP. The above blocks for
> ANY IP, since an IP in HELO is invalid.
>
> In just the first hour of Wednesday:
>
> %less /var/tmp/spam-stats.rpt
> 1 ACL RAV: unverifiable recipient address
> 1 ACL [EMAIL PROTECTED]
> 4 ACL from_senders_black
> 4 ACL mta_clients_sav
> 4 ACL from_senders_secsag
> 6 SMTP Exceeded Hard Error Limit after MAIL
> 6 ACL mta_clients_regex
> 7 ACL mta_clients_black
> 7 ACL from_senders_slet
> 9 SMTP Exceeded Hard Error Limit after END-OF-MESSAGE
> 9 ACL RAV: new verification
> 16 ACL body checks
> 19 ACL mta_clients_spamdomins
> 20 ACL bogon network header
> 21 DNS no A/MX for @recipient.domain
> 23 ACL mta_clients_subscriber network
> 26 ACL from_senders_regexp
> 26 ACL from_senders_bw
> 38 DNS timeout for MTA PTR hostname (forged @sender.domain)
> 45 ACL mta_clients_conn
> 46 ACL mta_clients_helo
> 58 ACL header checks
> 60 ACL helo hostname contains an IP <<<<<<<<<<<<<
> 67 DNS no A/MX for @sender.domain
> 101 DNS nxdomain for MTA PTR hostname (forged @sender.domain)
> 109 ACL from_senders_imgfx
> 126 ACL SAV: undeliverable sender address
> 126 ACL unqualified helo hostname
> 153 ACL SAV: new verification in progress
> 189 ACL helo hostname = my IP <<<<<<<<<<<<<<
> 261 RBL spamdomains.blackholes.easynet.nl
> 453 ACL SAV: unverifiable sender address
> 657 ACL RAV: undeliverable recipient address
> 685 ACL subscriber network
> 690 SMTP Exceeded Hard Error Limit after DATA
> 714 ACL mta_clients_dict
> 965 SMTP Exceeded Hard Error Limit after RCPT
> 1507 ACL mta_clients_bw
>
> 7259 TOTAL
>
> amazing, huh?
>
> Len
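An added example, not code from this thread or from IMGate, written in Python rather than run through Postfix so it works without a mail server. The first part applies Len's two pcre patterns (Python's re module accepts them unchanged) to a set of constructed HELO names, so you can see what the unanchored and anchored forms each catch. The second part models the main.cf rule that produced Sheldon's error: Postfix joins any line that starts with whitespace onto the previous logical line, and a line in column 0 must be "name = value"; a restriction line that is not indented becomes a new parameter with no '=' and is reported as "missing '=' after attribute name". The HELO names and both main.cf fragments are constructed for the example. One caveat the unanchored pattern carries: an RFC 2821 address literal such as [192.0.2.10] is a valid HELO argument, and the unanchored rule rejects it too, while the anchored form lets it through.

```python
"""Added example for the IMGate thread above (not Len's or IMGate's code).

Part 1 runs Len's two pcre patterns over constructed HELO names.
Part 2 models the main.cf line-joining rule behind Sheldon's
"missing '=' after attribute name" error.
"""
import re

# Len's patterns, copied from the post. Unanchored: any dotted quad anywhere
# in the HELO name. Anchored: the whole HELO name must be a dotted quad.
DOTTED_QUAD_ANYWHERE = re.compile(r"[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}")
DOTTED_QUAD_NAKED = re.compile(r"^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$")
ACTION = "554 ACL helo_hostnames_regexp"   # the table's right-hand side


def check_helo(helo, naked_only=False):
    """Return the access-table action for a HELO name, or None when no rule hits."""
    pattern = DOTTED_QUAD_NAKED if naked_only else DOTTED_QUAD_ANYWHERE
    return ACTION if pattern.search(helo) else None


# Constructed HELO names (assumed inputs, not taken from the thread's report).
SAMPLE_HELOS = [
    "192.0.2.10",                       # naked IP: both patterns reject
    "[192.0.2.10]",                     # RFC 2821 address literal: unanchored rejects, anchored allows
    "cpe-192.0.2.10.example.net",       # embedded dotted quad: unanchored only
    "pool-192-0-2-10.dsl.example.net",  # hyphenated PTR style: neither pattern matches
    "mail.example.com",                 # ordinary hostname: allowed by both
]


def classify_all(helos=SAMPLE_HELOS):
    """Map each HELO name to (unanchored_action, anchored_action)."""
    return {h: (check_helo(h), check_helo(h, naked_only=True)) for h in helos}


def logical_lines(text):
    """Join physical lines the way Postfix reads main.cf: a line starting with
    whitespace continues the previous logical line; a '#' in column 0 is a
    comment. Returns (first_physical_line_number, joined_text) pairs."""
    joined = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and joined:
            first, body = joined[-1]
            joined[-1] = (first, body + " " + raw.strip())
        else:
            joined.append((lineno, raw.strip()))
    return joined


def parse_main_cf(text):
    """Split each logical line at '='; a line without one is reported with the
    same wording Postfix uses (the error Sheldon pasted)."""
    params, errors = {}, []
    for lineno, line in logical_lines(text):
        name, sep, value = line.partition("=")
        if not sep or not name.strip():
            errors.append(f"line {lineno}: missing '=' after attribute name: \"{line}\"")
            continue
        params[name.strip()] = value.strip()
    return params, errors


# Constructed main.cf fragments. In BROKEN_MAIN_CF the warn_if_reject line
# starts in column 0, so it is read as a new parameter instead of a
# continuation of smtpd_recipient_restrictions.
BROKEN_MAIN_CF = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
warn_if_reject pcre:/etc/postfix/helo_hostnames_bw.regexp,
    permit
"""

FIXED_MAIN_CF = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    warn_if_reject pcre:/etc/postfix/helo_hostnames_bw.regexp,
    permit
"""

if __name__ == "__main__":
    for helo, (anywhere, naked) in classify_all().items():
        print(f"{helo:35} unanchored={anywhere!s:30} anchored={naked}")
    for label, cfg in (("broken", BROKEN_MAIN_CF), ("fixed", FIXED_MAIN_CF)):
        params, errors = parse_main_cf(cfg)
        print(label, "errors:", errors or "none")
        print(label, "restrictions:", params.get("smtpd_recipient_restrictions"))
```

The fix for the error in the reply is purely indentation: every line that belongs to smtpd_recipient_restrictions, including the warn_if_reject line, must start with whitespace, as in FIXED_MAIN_CF. The classify_all output also shows why Len offers two patterns: the unanchored one catches IPs buried in PTR-style names but also rejects bracketed address literals, which the anchored one does not.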