On 03/31/2011 07:41 PM, Stan Hoeppner wrote:
Wietse Venema put forth on 3/31/2011 11:42 AM:
Stan Hoeppner:
Received: from mail-iw0-f176.google.com (biz88.inmotionhosting.com
    [66.117.14.32])
    by greer.hardwarefreak.com (Postfix) with ESMTP id F297D6C12E
    for <s...@hardwarefreak.com>; Thu, 31 Mar 2011 06:29:19 -0500
The format is:
Received: from helo-hostname (verified-reverse-name [ip-address])
Thanks Wietse. So, answering my own previous question to Viktor, this
is defined in the docs in the backscatter readme, like so:
Although my email address is "wie...@porcupine.org", all my mail systems
announce themselves with the SMTP HELO command as
"hostname.porcupine.org". Thus, if returned mail has a Received: message
header like this:
Received: from porcupine.org ...
Thus one should deduce that the first hostname in the first received
line is the HELO/EHLO hostname. Not quite the direct definition I
anticipated finding in the docs, or in a location I'd have expected, but
nonetheless the information is present.
This is also useful when setting up backscatter filters: all mail with
a helo-hostname of "porcupine.org", "postfix.org", etc. is a forgery.
I just read (again) the backscatter page. I've never actually
implemented such measures as backscatter has never been a problem here.
I'm thinking I'll go ahead and do so as a preemptive measure.
Backscatter can be a HUGE problem, especially when spammers send you
bounces (with the empty mailer-daemon sender address <>), since you MUST
accept those.
HELO checks are the primary defense against backscatter of this sort; I
use a simple subset of the available options:
smtpd_helo_restrictions = reject_invalid_helo_hostname,
    reject_unknown_helo_hostname, reject_non_fqdn_helo_hostname,
    check_helo_access hash:/etc/postfix/helo_access, permit
Where helo_access contains my own IPs and hostnames.
This setup will reject an AMAZING amount of spam.
Fair warning: it may also yield the occasional false positive due to a
misconfigured client mail system!
The usual warn_if_reject will help out with that.
--
J.
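
Added example, not part of the thread and not Postfix code: a Python parser for the Received: layout quoted above (helo-hostname, verified-reverse-name, ip-address) that flags a header whose HELO name is one of your own, the forgery case described for backscatter filtering. The names in OWN_NAMES and the second sample header are assumptions constructed for illustration.

```python
import re

# Layout quoted in the thread:
#   Received: from helo-hostname (verified-reverse-name [ip-address])
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)",
    re.IGNORECASE,
)

# Assumption: stand-in for the names listed in helo_access.
OWN_NAMES = frozenset({"porcupine.org", "postfix.org"})

# Header quoted in the thread (address obfuscated as on the page).
THREAD_HEADER = (
    "Received: from mail-iw0-f176.google.com (biz88.inmotionhosting.com\n"
    "\t[66.117.14.32])\n"
    "\tby greer.hardwarefreak.com (Postfix) with ESMTP id F297D6C12E\n"
    "\tfor <s...@hardwarefreak.com>; Thu, 31 Mar 2011 06:29:19 -0500"
)
# Constructed sample: a client announcing one of our own names in HELO.
CONSTRUCTED_HEADER = (
    "Received: from porcupine.org (unknown [192.0.2.25])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 0000000000"
)


def parse_received(header):
    """Return helo, rdns and ip from one Received: header, or None."""
    # Unfold first: continuation lines of a header start with whitespace.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header.strip())
    m = RECEIVED_RE.match(unfolded)
    if m is None:
        return None
    fields = m.groupdict()
    fields["helo"] = fields["helo"].lower().rstrip(".")
    fields["rdns"] = fields["rdns"].lower()
    return fields


def helo_is_forged(fields, own_names=OWN_NAMES):
    """True when the HELO name is one only our own servers should use."""
    return fields["helo"] in own_names


if __name__ == "__main__":
    for hdr in (THREAD_HEADER, CONSTRUCTED_HEADER):
        f = parse_received(hdr)
        print(f, "forged HELO" if helo_is_forged(f) else "ok")
```

The first field is whatever the client claimed in HELO/EHLO; only the parenthesised name and address come from the receiving server's own lookups.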