1. make a file called /etc/postfix/helo_world.regexp :))
2. containing one line:
/.*/ 554 4tuple
... which matches the entire world's helo hostname.
3. put the restriction just before permit at the end of your
smtpd_recipient_restrictions:
warn_if_reject check_helo_access pcre:/etc/postfix/helo_world.regexp,
permit
4. postfix reload
5. This restriction will match ALL ("world") msgs that escape all earlier
SMTPD restrictions, i.e., what you are receiving, and log a reject_warning line.
6. Observe the 4tuple of "PTR[IP] [EMAIL PROTECTED] [EMAIL PROTECTED] helo_hostname"
in real time with:
tail -f -n 100 /var/log/maillog | awk '/4tuple/ {print $10" "$17" "$18" "$20" "$22}'
7. report sorted by PTR with this line:
egrep -i "4tuple" /var/log/maillog | awk '{print $10" "$17" "$18" "$20" "$22}' | sort -t[ -k2 | less
It's very easy (and perhaps depressing) to see the crap that is getting
through.
Your blocking should be by PTR hostname or IP, if possible.
have fun
Len
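
Added example, not part of the original message: a Python version of the step 6 and 7 report that picks the 4tuple fields out by name rather than by awk column number, since column positions shift with the syslog prefix and the Postfix reply format. The log lines are constructed samples in the usual Postfix reject_warning layout (an assumption about your logs), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the usual Postfix smtpd reject_warning layout
# (assumption: your syslog prefix and Postfix version may differ in detail).
SAMPLE_LOG = """\
Mar  3 10:15:01 mx1 postfix/smtpd[2211]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 554 5.7.1 <win-pc>: Helo command rejected: 4tuple; from=<a@example.com> to=<user@example.org> proto=ESMTP helo=<win-pc>
Mar  3 10:15:09 mx1 postfix/smtpd[2214]: NOQUEUE: reject_warning: RCPT from mail.example.net[198.51.100.7]: 554 5.7.1 <mail.example.net>: Helo command rejected: 4tuple; from=<news@example.net> to=<user@example.org> proto=ESMTP helo=<mail.example.net>
Mar  3 10:16:30 mx1 postfix/smtpd[2211]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 554 5.7.1 <win-pc>: Helo command rejected: 4tuple; from=<b@example.com> to=<info@example.org> proto=SMTP helo=<win-pc>
Mar  3 10:16:31 mx1 postfix/smtpd[2211]: disconnect from unknown[192.0.2.10]
"""

# Match on field names, not column numbers, so an extra status code or a
# different syslog prefix does not shift the result.
LINE_RE = re.compile(
    r"reject_warning: \S+ from (?P<ptr>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r".*?\b4tuple; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r".*?helo=<(?P<helo>[^>]*)>"
)

def parse_4tuples(lines):
    """Yield (ptr, ip, sender, rcpt, helo) for every 4tuple warning line."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m.group("ptr", "ip", "sender", "rcpt", "helo")

def report_by_client(lines):
    """Count warnings per (ptr, ip), most frequent first."""
    counts = Counter((ptr, ip) for ptr, ip, *_ in parse_4tuples(lines))
    return counts.most_common()

def no_ptr_clients(lines):
    """Client IPs that Postfix logged as "unknown" (no usable PTR)."""
    return sorted({ip for ptr, ip, *_ in parse_4tuples(lines) if ptr == "unknown"})

if __name__ == "__main__":
    # Swap SAMPLE_LOG for open("/var/log/maillog") to run on real logs.
    for (ptr, ip), n in report_by_client(SAMPLE_LOG.splitlines()):
        print(f"{n:5d}  {ptr}[{ip}]")
```

Clients listed by no_ptr_clients() have no hostname to match on, so those are the ones to handle by IP.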