>And how forgiving of servers who's reverse DNS matches the filter.
if somebody gets a complaint to you, they very likely aren't spamming, so let them through, but they must have a fixed IP. The first tactic is to relay their outbound through their provider's gateway. or change the PTR hostname so it not caught as as subcscriber filter. (and they should also change their helo hostname since it may be caught by the helo_hostnames.regexp ) >What brings this up is I spent half the day arguing with some list provider >because their HELO is an IP address what a waste of time. they put up good credentials or they get blocked. and the more they get blocked, the more their list members will bitch. If they can't change their mail servers helo hostname to a FQDN, block them. They aren't serious about their mail system nor trying to help fight spam. >And now today this regexp is causing 'greif' > >/(.*\.customer\..*)/ REJECT ACL subscriber_network, (customer) ..... > >Oct 8 11:58:30 mx1 postfix1/smtpd[35821]: 37D0E1FB326: reject: RCPT from >tri-lakes-net-130.bran.customer.centurytel.net[69.29.40.130]: 554 ><tri-lakes-net-130.bran.customer.centurytel.net[69.29.40.130]>: Client host >rejected: ACL subscriber_network, (customer) see >http://mx.nwfl.net/?a=sn&m=tri-lakes-net-130.bran.customer.centurytel.net; >from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP > >Now their MX does point to that IP, >And they have several ips in that range delegated to them no, they don't. # dig -x 69.29.40.130 ns ; <<>> DiG 9.2.3rc3 <<>> -x 69.29.40.130 ns ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57761 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;130.40.29.69.in-addr.arpa. IN NS ;; AUTHORITY SECTION: 40.29.69.in-addr.arpa. 10781 IN SOA ns1.centuryinter.net. hostmaster.centurytel.net. 2003073001 86400 3600 3600000 86400 the enclosing zone is the ClassC and ns1.centuryinter.net. is authoritative. >Now a quick fix on my part is a DUNNO of course, >But I'de rather see them get their own REVDNS without the word "customer" or >maybe with "mx" somewhere in there... > >Do you guys thing that's reasonable? Only you can decide how "hard" you want to be. The key thing is NOT to spend half a day on these fools. either DUNNO them, and block them, but move on. Len
