Wed to Fri are cancelled, with pay. Look at this new reject message:
Sep 2 18:46:34 xxx postfix/smtpd[9094]: A478753520: reject: RCPT from adsl-157-99-134.clt.bellsouth.net[66.157.99.134]: 554 <adsl-157-99-134.clt.bellsouth.net[66.157.99.134]>: Client host rejected: ACL The PTR hostname "adsl-157-99-134.clt.bellsouth.net" does not match the HELO hostname.; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=SMTP helo=<compuserve.com>

This loser is really in deep sh!t with me:

1. it's a subscriber net
2. the bellsouth ADSL line says helo as compuserve.com
3. and says MAIL FROM [EMAIL PROTECTED]

Blocking by 1. is easy enough to understand, but blocking 2 and 3 aren't. I do them with restriction classes.

a. if helo hostname is <somebigISP>, then the PTR hostname must be from the same.
b. if the @sender.domain is <somebigISP>, then the PTR hostname must be from the same

b. is what did the above reject. It catches 1000's / day.

======================

btw, I tried another restriction class for this policy:

if (PTR hostname doesn't exist) _AND_ (helo hostname is unfindable in DNS), then reject, else accept.

The reject on missing PTR hostname alone causes too many false positives, so I figured if the jerk at least got the HELO hostname right, I'd accept his mail. Both wrong = plonk.

But, no, there are still a lot of false positives where legitimate, card-carding jerks have no PTR hostname and HELO name is not findable in DNS.

Anyway, with warn_if_reject, this filter should be good for harvesting the true positives manually.

=================

Another restriction being evaluated says:

if PTR hostname is <bigISP>, then the mail from: sender.domain must be from same domain.

e.g., I refuse mail from: @hotmail.com when sent from AOL PTRs.

Len
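The cross-checks a. and b. and the PTR-to-sender rule described in the post, sketched as an added Python example. It is not the poster's restriction classes and not Postfix configuration; the ISP list, the function names and the sample senders are assumptions constructed for illustration.

```python
# Assumed list of large ISP domains; the post only mentions these by example.
BIG_ISPS = ("compuserve.com", "aol.com", "hotmail.com", "bellsouth.net")


def isp_of(hostname):
    """Return the big-ISP domain that hostname belongs to, or None.

    Matches on a label boundary, so "aol.com.example.org" and "notaol.com"
    are not treated as aol.com.
    """
    host = (hostname or "").lower().rstrip(".")
    for dom in BIG_ISPS:
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def check(client_name, helo_name, sender):
    """Return (action, rule) for one RCPT attempt.

    client_name is the PTR hostname, or "unknown" when the client has none.
    """
    ptr_isp = isp_of(client_name)
    helo_isp = isp_of(helo_name)
    sender_isp = isp_of(sender.rpartition("@")[2])

    # Rule a: HELO claims a big ISP, so the PTR must be in that same domain.
    if helo_isp and ptr_isp != helo_isp:
        return ("REJECT", "a")
    # Rule b: sender domain is a big ISP, so the PTR must be in that domain.
    if sender_isp and ptr_isp != sender_isp:
        return ("REJECT", "b")
    # Rule under evaluation: PTR is a big ISP, so the sender domain must match.
    if ptr_isp and sender_isp != ptr_isp:
        return ("REJECT", "ptr-sender")
    return ("DUNNO", None)


if __name__ == "__main__":
    # Client and HELO from the logged reject; the sender is constructed.
    print(check("adsl-157-99-134.clt.bellsouth.net", "compuserve.com",
                "user@example.com"))
```

The missing-PTR plus unresolvable-HELO rule is left out because it needs live DNS lookups.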
