On Monday 05 November 2007, Paul Chauvet wrote: > In Postfix at least, you can do this with reject_non_fqdn_hostname in > the smtpd_helo_restrictions. In addition we reject a ton of spam from > people who try to HELO/EHLO as our hostname or IP address.
Yes that also helps quite a bit. It's also not RFC 2821 compliant to send a raw IP address for a HELO/EHLO greeting, so I reject those as well. [An IP address encapsulated in brackets is okay.] Also good to reject a HELO/EHLO claiming to be from your own IP block, or which are in RFC 1918 private IP address ranges. When making new blocking rules, I add some unique text to the log for each rejection [I think most admins do this]. This allows for grepping for what a particular rule rejected. It also allows for building automated tools to search the logs and output statistics of which rules blocked and how much. I've seen others do this and the output is somewhat interesting. I suppose it's not surprising that I'm only accepting around 1% of all email sending attempts. :-/ I've seen similar statistics from others. -- Chris -- Chris Knadle [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Oct 3 - Security and Privacy Nov 7 - Django Python Application Framework
