Nov 18 02:51:28 mx1 postfix1/smtpd[47333]: 4A4091FBB02: reject_warning: RCPT from cpe-24-107-232-14.ma.charter.com[24.107.232.14]: 554 <cpe-24-107-232-14.ma.charter.com[24.107.232.14]>: Client host rejected: 1tuple, cpe-24-107-232-14.ma.charter.com; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<declude.com>
Still has .ma.charter.com

-----Original Message-----
From: Len Conrad [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 10:09 AM
To: [EMAIL PROTECTED]
Subject: [IMGate] Re: updated subscriber filter

>Is there a complete mta_clients_subscriber.regexp file that is posted
>anywhere? The one I have is dated 8/14, but I'm sure it's been improved
>upon in the past 2 months.

I haven't improved upon it, but it probably is time to move the joker and joker2 reject into explicit filter lines. But with about 400 networks explicitly listed then the joker filter, there's not much to improve, so don't feel crippled with the August filter.

One reason for doing the above is to allow US IMGators, who won't/can't use the full subscriber list, to edit the list to DUNNO each of the US/CA cable/DSL nets (or at least the ones local to their region), while still catching all the foreign nets.

There was a press item in the last few days about cable/DSL networks having a record quarter for new signups, so the subscriber abuse potential in NA is increasing rapidly.

Since I've been implementing smtpd_restriction_classes in the advanced IMGate, I've been trying to imagine a .class that could handle the USA subscriber nets, based on the abuse they do.

Logic would be (for those who won't run the subscriber filter full bore against USA networks):

If <USA subscriber networks PTR>, then:

    check_client_access pcre: (refuse ccTLD helo hostname)
    check_sender_access pcre: (refuse ccTLD @sender.domain)

... that would kill tons of foreign TLDs used by USA spammers, and would certainly not catch many if any legit USA MTAs using foreign helo/sender.domain (are there any?).
The pcre would look something like:

    /(.*\.[a-zA-Z][a-zA-Z]$)/ 554 ACL The subscriber network PTR hostname is not authorized to send the HELO hostname, HELO = "$1"

    /(.*\.[a-zA-Z][a-zA-Z]$)/ 554 ACL The subscriber network PTR hostname is not authorized to send the @sender.domain, sender.domain = "$1"

btw, I was reviewing a report and saw traffic with declude sender+helo but with no PTR. Has Scott gotten charter to remove his ma.charter.net PTR so he won't get caught in subscriber filters? It would have been better to have charter give his IP a declude PTR.

I've always wondered why Scott refuses to relay declude's outbound through a non-subscriber IP over at ComputerizedHorizons. Is he still affiliated with them? Doesn't he trust CH's MTAs to handle his declude outbound?

As usual, there is always a solution for legit MTAs running in subscriber networks to escape the subscriber filter.

1. have the network operator change their PTR hostname to their own domain
2. run own DNS and have reverse zone delegated to it.
3. relay their outbound (only) through ISP or partner MTA.
4. If Scott's case is real, it's one I hadn't thought about, run with no PTR. (maybe the network operator's policy is not to put a client's domain in the network operator's DNS/PTR, but will remove the operator's standard network PTR).

Len
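
Added example, not part of the original message and not IMGate's own filter: a Python simulation of the two-stage logic sketched above (class the client by PTR, then apply the quoted two-letter-TLD pattern to the HELO name and the sender domain). The subscriber PTR patterns, the function names and the sample sessions are assumptions constructed for illustration; only the first sample's PTR and HELO come from the log line at the top.

```python
import re

# Assumption: two constructed PTR patterns standing in for the "USA subscriber
# networks" list; the real mta_clients_subscriber.regexp entries are not shown.
US_SUBSCRIBER_PTR = [
    re.compile(r"\.charter\.com$", re.I),
    re.compile(r"\.example-cable\.net$", re.I),
]

# The two-letter-TLD pattern quoted in the message.
CCTLD = re.compile(r"(.*\.[a-zA-Z][a-zA-Z]$)")

def in_us_subscriber_class(ptr):
    """True when the client has a PTR and it matches a listed subscriber network."""
    return bool(ptr) and any(p.search(ptr) for p in US_SUBSCRIBER_PTR)

def evaluate(ptr, helo, sender):
    """Return (action, reason) for one SMTP client, following the proposed logic."""
    if not in_us_subscriber_class(ptr):
        return ("DUNNO", "client is not in the US subscriber class")
    if CCTLD.match(helo):
        return ("554", "HELO uses a two-letter TLD: " + helo)
    domain = sender.rpartition("@")[2]
    if CCTLD.match(domain):
        return ("554", "sender domain uses a two-letter TLD: " + domain)
    return ("DUNNO", "subscriber client, no two-letter TLD in HELO or sender")

# Constructed sample sessions: (PTR or None, HELO name, envelope sender).
SAMPLES = [
    ("cpe-24-107-232-14.ma.charter.com", "declude.com", "user@declude.com"),
    ("cpe-24-107-232-14.ma.charter.com", "mail.example.ru", "user@example.com"),
    ("cpe-24-107-232-14.ma.charter.com", "mail.example.com", "user@example.co.uk"),
    (None, "mail.example.ru", "user@example.ru"),   # option 4: client with no PTR
    ("cpe-24-107-232-14.ma.charter.com", "mail.example.us", "user@example.com"),
]

if __name__ == "__main__":
    for ptr, helo, sender in SAMPLES:
        print(ptr or "(no PTR)", helo, sender, "->", *evaluate(ptr, helo, sender))
```

The fourth sample shows that a client with no PTR never enters the class, and the fifth shows that the two-letter pattern also matches .us names.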
