Stan Hoeppner wrote:
[snip]
> 
>> Received: from [190.221.28.39] (unknown [190.221.28.39])
> 
> In this example, reject_unknown_reverse_client_hostname would have
> generated a 450 rejection.  You should always use
> reject_unknown_reverse_client_hostname at minimum, or the more
> restrictive reject_unknown_client_hostname, though this one can cause
> problems with FPs on occasion.  Best to use it with warn_if_reject for a
> while and monitor what it would have rejected.
> 
> http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
> 
> However, it appears that 190.221.28.39 has rDNS of
> 
> Name: host39.190-221-28.telmex.net.ar
> Address: 190.221.28.39
> 

No. The "reject_unknown_reverse_client_hostname" in the above example
would not have generated a 450 rejection, since the IP address HAS a
reverse dns hostname.

http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname

The "reject_unknown_client_hostname" generates lots of FP. I would not
recommend using it.

> so reject_unknown_reverse_client_hostname isn't a permanent solution
> here.  The host is HELO'ing with an IP address, something legitimate
> hosts don't normally do.  A check_helo_access pcre table with an
> expression that rejects dotted quads (and other undesirable HELO
> strings) would work well here.
> 
> Rejecting hosts with generic rDNS, or scoring generic rDNS aggressively
> in SA, is also a good way to stop spam from such hosts.  fqrdns.pcre
> would have rejected this mail outright:
> 
> $ postmap -q host39.190-221-28.telmex.net.ar pcre:fqrdns.pcre
> REJECT  Generic - Please relay via ISP (telmex.net.ar)
> 
> See:  http://www.hardwarefreak.com/fqrdns.pcre
> 
> This pcre table stops a lot of spam.  Many OPs here use it with good
> success.  Instructions are comments at the top of the file.  Very low FP
> rate.  If most of the spam that's causing you a problem is from sources
> similar to this host, you'll be pleasantly surprised how much of it
> fqrdns.pcre rejects.
> 

May I suggest that we don't reuse well-defined abbreviations. OP is
"original poster", nothing else. To use it for sysop or mailadmin in a
mailing list is confusing.

Cheers,
Mikael
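
Added example, not part of either poster's message: a small Python model of the three checks discussed in this thread, following the definitions in the postconf(5) page linked above. It uses constructed DNS data rather than live lookups; only the PTR name for 190.221.28.39 comes from the thread, and the forward records, the other hosts and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed DNS data (no live lookups). The PTR for 190.221.28.39 is the one
# quoted in the thread; every other record is made up for illustration.
PTR = {
    "190.221.28.39": "host39.190-221-28.telmex.net.ar",
    "192.0.2.10": "mail.example.org",
    "192.0.2.30": "mismatch.example.net",
}
A = {
    "host39.190-221-28.telmex.net.ar": ["190.221.28.39"],  # constructed
    "mail.example.org": ["192.0.2.10"],
    "mismatch.example.net": ["192.0.2.99"],  # forward lookup points elsewhere
}

# HELO argument that is a bare or bracketed IPv4 dotted quad.
HELO_DOTTED_QUAD = re.compile(r"^\[?\d{1,3}(\.\d{1,3}){3}\]?$")


def unknown_reverse_client_hostname(ip):
    """True when the client IP has no address->name (PTR) mapping."""
    return ip not in PTR


def unknown_client_hostname(ip):
    """True when the PTR is missing, the name has no address record,
    or none of the name's addresses matches the client IP."""
    name = PTR.get(ip)
    if name is None:
        return True
    return ip not in A.get(name, [])


def evaluate(ip, helo):
    """Report which of the three checks from the thread would fire."""
    ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return {
        "reject_unknown_reverse_client_hostname": unknown_reverse_client_hostname(ip),
        "reject_unknown_client_hostname": unknown_client_hostname(ip),
        "helo_dotted_quad": bool(HELO_DOTTED_QUAD.match(helo)),
    }


if __name__ == "__main__":
    for ip, helo in [("190.221.28.39", "[190.221.28.39]"),
                     ("192.0.2.20", "mail.example.com"),
                     ("192.0.2.30", "mismatch.example.net")]:
        print(ip, helo, evaluate(ip, helo))
```
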
