MTA Credentials.... We are just recently starting to build these
restrictions moving from relying solely on declude/sniffer to doing more and
more rejects before the DATA command in postfix, however we are doing this
very slowly to minimize the support costs of customers calling.
So far we have minimal credential requirements but keep evaluating your
every suggestion.
> 1. PTR hostname. AOL now rejects mail based on the single criteria of
NOT= =20
> having a PTR hostname. If that's good enough for AOL, why isn't if
good=20
> enough for you?
Over 20,000 4tuple reports per day with no PTR hostname over here on one of
my postfix gateways. (have two). Kinda scary to just block them, and command
line reporting is rather hard to read.
I ran the following to generate an HTML report of every single 4tuple with
no PTR showing PTR(unknown) HELO, FROM and TO. Very easy to page up/down in
a browser window to look at them all.
( this generated over a 3MB html table, give it a minute to render if you
move/resize your browser on a slower machine )
echo "<html><body>" > no-ptr.html ; \
echo "<table
border=1><tr><td>PTR</td><td>HELO</td><td>FROM</td><td>TO</td></tr>"
>>no-ptr.html; \
zegrep '4tuple.* unknown; ' /var/log/maillog.0.gz | \
awk '{print $17" "$21" "$18" "$19}' | \
sort -i | \
sed 's/</\</g' | \
sed 's/>/\>/g' | \
awk '{printf "<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n", $1,
$2, $3, $4}' \
>> no-ptr.html ; \
echo "</table></body></html>" >> no-ptr.html
