> >> I repeat there is no *technical* restriction. This is also
> >> NO RFC that says you SHOULD / MUST send mail by any means
> >> other than direct.
The RFCs apply to "Fantasy Land of RFC-reading Professional, Competent MTA
Operators", which is a country where none of us work.
Rules and conventions applied with good will are wonderful, but we aren't
in, haven't been in, that environment in years.
Some rabble rouser is going to say "Len Conrad is against complying with
RFCs". Out-of-context non-sequiturs are exactly what rouses the rabble.
Blocking all mail from subscriber networks is highly effective and I will
recommend it.
Here is the method behind my madness.
Let's look again at hsia.telus.net (high speed internet access) through the
first 7 hours of Saturday morning (but take any 7 hours, the results are
identical).
First, total number of connects:
# egrep -ic ": connect from.*hsia\.telus\.net" /postfix/log/maillog
150
total number of hsia rejects, all types:
# egrep -ic "reject.*hsia\.telus\.net" /postfix/log/maillog
232
huh?? well, smtpd_hard_error_limit is 2.
How many times did postfix hang up on the hsia caller due to SHEL:
# egrep -ic "too many.*hsia\.telus\.net" /postfix/log/maillog
71
of those total hsia rejects, how many were to unknown users
(check_recipient_maps runs before subscriber filter):
# egrep -i "reject.*hsia\.telus\.net" /postfix/log/maillog | egrep -ic "unknown in (local|relay)"
187
Of the rejects NOT for unknown users, i.e., for known users, let's look at
the MAIL FROM: and HELO fields:
# egrep -i "reject.*hsia\.telus\.net" /postfix/log/maillog | egrep -iv "unknown in relay" | cut -d ";" -f2 | awk '{print $1" "$4}' | less
from=<[EMAIL PROTECTED]> helo=<mail.candw.ky>
from=<[EMAIL PROTECTED]> helo=<CREATIONmail.com>
from=<[EMAIL PROTECTED]> helo=<CREATIONmail.com>
from=<[EMAIL PROTECTED]> helo=<anik62dy455l.ab.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<awiq54i1y8qk.ab.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bjhj20g6y2al.ab.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bjhj20g6y2al.ab.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<compuserve.com>
from=<[EMAIL PROTECTED]> helo=<ajhi19yzy56oa.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<adit24t5y497g.ab.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<a3j438ony240g.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<bwjo41h7y0cf.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<aliq13l2y25hc.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<aliq13l2y25hc.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<a3j438ony240g.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<aojz18qoy42ie.bc.hsia.telus.net>
from=<[EMAIL PROTECTED]> helo=<freemail.lt>
from=<[EMAIL PROTECTED]> helo=<freemail.lt
There's no obligation, but it's kinda weird that not a single sender is
using his telus.net mail address.
When the HELO is unforged (remains telus), the FROM: is junk.
When the HELO is not telus, the ESD doesn't match the HELO domain (as you
would expect from a legit, business server).
Ha! Another POV I just hit upon: whether the HSIA sender to known users
said HELO or EHLO:
# egrep -i "reject.*hsia\.telus\.net" /postfix/log/maillog | egrep -iv "unknown in relay" | cut -d ";" -f2 | awk '{print $3}' | egrep -ic "=ESMTP"
3
# egrep -i "reject.*hsia\.telus\.net" /postfix/log/maillog | egrep -iv "unknown in relay" | cut -d ";" -f2 | awk '{print $3}' | egrep -ic "=SMTP"
44
Spammers don't EHLO because they don't want an EHLO handling by the
destination MX, and there is nothing in EHLO protocol that the spammers are
interested in. HELO is faster for them.
There's nothing special about hsia.telus, so I predict that the above kind
of analysis will hold up for ANY subscriber network.
I'll look again later for the full 24 hours. I'll look at same for rr.com,
comcast, adelphia. But it gets pretty boring in a hurry.
If you are evaluating the subscriber filter in warn_if_reject mode, the
above commands will help see better what is going on.
Len
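
Added example, not part of Len's message: the per-domain counts above collected in one awk pass, so the same report can be run for any subscriber network while a filter is in warn_if_reject mode. The function names, the sample log lines and the "Access denied" reject text are constructed for illustration; unlike the egrep patterns, it matches the domain only in the client name[ip] field, so a forged HELO from another host is not counted.

```shell
#!/bin/sh
# Added example (not from the original post). Log lines below are constructed.
sample_log() {
cat <<'EOF'
Jan 10 03:00:01 mx postfix/smtpd[101]: connect from a.bc.hsia.telus.net[192.0.2.10]
Jan 10 03:00:02 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from a.bc.hsia.telus.net[192.0.2.10]: 550 <n1@example.org>: Recipient address rejected: User unknown in local recipient table; from=<j1@example.com> to=<n1@example.org> proto=SMTP helo=<a.bc.hsia.telus.net>
Jan 10 03:00:03 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from a.bc.hsia.telus.net[192.0.2.10]: 550 <n2@example.org>: Recipient address rejected: User unknown in relay recipient table; from=<j1@example.com> to=<n2@example.org> proto=SMTP helo=<a.bc.hsia.telus.net>
Jan 10 03:00:03 mx postfix/smtpd[101]: too many errors after RCPT from a.bc.hsia.telus.net[192.0.2.10]
Jan 10 03:05:00 mx postfix/smtpd[102]: connect from b.ab.hsia.telus.net[192.0.2.11]
Jan 10 03:05:01 mx postfix/smtpd[102]: NOQUEUE: reject: RCPT from b.ab.hsia.telus.net[192.0.2.11]: 554 <b.ab.hsia.telus.net[192.0.2.11]>: Client host rejected: Access denied; from=<x@example.com> to=<user@example.org> proto=SMTP helo=<b.ab.hsia.telus.net>
Jan 10 03:09:00 mx postfix/smtpd[103]: connect from c.bc.hsia.telus.net[192.0.2.12]
Jan 10 03:09:01 mx postfix/smtpd[103]: NOQUEUE: reject: RCPT from c.bc.hsia.telus.net[192.0.2.12]: 554 <c.bc.hsia.telus.net[192.0.2.12]>: Client host rejected: Access denied; from=<y@example.net> to=<user@example.org> proto=ESMTP helo=<example.net>
Jan 10 03:12:00 mx postfix/smtpd[104]: connect from mail.example.org[198.51.100.5]
Jan 10 03:12:01 mx postfix/smtpd[104]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.5]: 550 <n3@example.org>: Recipient address rejected: User unknown in relay recipient table; from=<z@example.com> to=<n3@example.org> proto=SMTP helo=<q.bc.hsia.telus.net>
EOF
}

# $1 = maillog path ("-" for stdin), $2 = literal client domain suffix.
subscriber_stats() {
  awk -v dom="$2" '
    function field(rest, key,    n, i, kv) {  # value of key=... after the ";"
      n = split(rest, kv, " ")
      for (i = 1; i <= n; i++)
        if (index(kv[i], key "=") == 1) return substr(kv[i], length(key) + 2)
      return ""
    }
    BEGIN { dom = tolower(dom) }
    { line = tolower($0) }
    index(line, dom "[") == 0         { next }  # match the client name[ip], not a HELO string
    line ~ /: connect from /          { connects++; next }
    line ~ /: too many errors after / { hangups++; next }  # smtpd_hard_error_limit reached
    line ~ /: reject: / {
      rejects++
      if (line ~ /unknown in (local|relay)/) { unknown++; next }
      known++                                   # reject for a recipient that exists
      rest = substr(line, index(line, ";") + 1)
      if (field(rest, "proto") == "esmtp") esmtp++; else smtp++
      helo = field(rest, "helo"); gsub(/[<>]/, "", helo)
      from = field(rest, "from"); gsub(/[<>]/, "", from); sub(/^.*@/, "", from)
      if (index(helo, dom)) helo_own++          # HELO left as the subscriber hostname
      if (from != "" && from == helo) esd_ok++  # envelope sender domain equals HELO
    }
    END {
      printf "connects=%d rejects=%d hangups=%d unknown_user=%d known_user=%d ", connects, rejects, hangups, unknown, known
      printf "smtp=%d esmtp=%d helo_in_domain=%d sender_matches_helo=%d\n", smtp, esmtp, helo_own, esd_ok
    }
  ' "$1"
}

sample_log | subscriber_stats - hsia.telus.net
```

On a live system, replace the last line with: subscriber_stats /postfix/log/maillog hsia.telus.net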