I get this, in theory. I just don't get how you're doing it. :)
I'm not usually so thick.
I looked at the readme again (even printed it).
I understand that:
1. main.cf says run the sender's domain through
from_senders_bogus
It does this by setting
smtpd_recipient_restrictions =
check_sender_access
hash:/etc/postfix/from_senders_bogus.map,
(among others)
2. from_senders_bogus is derived from monkeys,
and contains commonly forged domains.
For each of these, a line like:
101percent.com reject_unknown_client
Instructs postfix to check for a PTR and A-PTR
relationship.
So, if a host 1.1.2.3 connects, and presents an envelope sender of
[EMAIL PROTECTED], postfix does an rdns lookup on 1.1.2.3
If that rdns fails, the unknown_client_reject_code is sent and the mail
is rejected.
OTOH, if 1.1.2.3 returns a PTR of (for argument's sake)
mail.badbadbad.org, then postfix will do a forward dns lookup on the
returned name (mail.badbadbad.org).
If mail.badbadbad.org has NO A record, postfix rejects the mail.
If it does have an A record (or multiple A records), one of the A
records returned must match the MTA IP.
So, in my case, my server sending out mail from 198.235.200.78 has these
two records:
78.200.235.198.in-addr.arpa name = mail-byron.theedge.ca
and mail-byron.theedge.ca internet address = 198.235.200.78
Theedge.ca is my provider, and I *never* send mail from anything at
theedge.ca. (But, I'm not a commonly forged domain :) ). So, therefore,
my mail passes the reject_unknown_client test.
What I don't understand, is how you enforce the fact that the PTR must
be in the same subdomain as the returned lookup.
Sorry for the lengthy post, but I wanted to explain what I think I
understand. If I've got it wrong, let me know. If I've got this part
right, tell me what I'm not reading/getting/knowing about how you
implement the below.
-----Original Message-----
From: Len Conrad [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 02, 2003 6:05 PM
To: [EMAIL PROTECTED]
Subject: [IMGate] on a positive note....
[a bunch snipped]
=================
another restriction being evaluated says:
if PTR hostname is <bigISP>, then the mail from: sender.domain must be
from same domain.
eg, I refuse mail from: @hotmail.com when sent from AOL PTRs.
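
The two checks discussed in this thread (the PTR/A round trip behind reject_unknown_client, and the "big ISP PTR must match sender domain" rule), written out as an added example that is not part of either message and is not Postfix or IMGate code. The function names, the BIG_ISPS list, the 192.0.2.x records and the exact-match lookup on the sender domain are assumptions made for the illustration; only the 198.235.200.78 / mail-byron.theedge.ca pair comes from the post.

```python
# Added illustration of the two checks discussed in this thread.
# Not Postfix or IMGate code; all DNS data below is constructed except the
# poster's own PTR/A pair. No network access is used.
PTR = {
    "198.235.200.78": "mail-byron.theedge.ca",  # from the post
    "192.0.2.10": "mail.badbadbad.org",         # PTR exists, no A record
    "192.0.2.20": "mx1.example.net",            # A record points elsewhere
    "192.0.2.30": "mta1.aol.com",               # constructed big-ISP host
}
A = {
    "mail-byron.theedge.ca": ["198.235.200.78"],
    "mx1.example.net": ["192.0.2.99"],
    "mta1.aol.com": ["192.0.2.30"],
}
BIG_ISPS = {"aol.com", "hotmail.com"}  # assumed list, for illustration


def client_name(ip):
    """Return the verified hostname for ip, or None (an 'unknown client')."""
    name = PTR.get(ip)
    if name is None:
        return None                    # no PTR record
    if ip not in A.get(name, []):
        return None                    # no A record, or none matches the IP
    return name


def in_domain(name, domain):
    return name == domain or name.endswith("." + domain)


def check(ip, mail_from, forged_domains):
    """Return 'OK' or a 'REJECT ...' string for one SMTP transaction."""
    sender_domain = mail_from.rsplit("@", 1)[-1].lower()
    name = client_name(ip)
    # Check 1: sender domain is in the map, so require a verified client name.
    if sender_domain in forged_domains and name is None:
        return "REJECT unknown client"
    # Check 2: a big-ISP client may only send with that ISP's sender domain.
    if name is not None:
        for isp in sorted(BIG_ISPS):
            if in_domain(name, isp) and not in_domain(sender_domain, isp):
                return f"REJECT {sender_domain} sender from {isp} host"
    return "OK"
```

Check 1 only compares the client IP with its own PTR and A records, so it never looks at whether the PTR name relates to the sender domain; that comparison happens only in check 2.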