On Wed, Sep 18, 2013 at 01:00:48PM +1000, li...@sbt.net.au wrote:

> Return-Path: <bayedfresc...@reuters.com>
> ...
> Received: from p2p (unknown [124.11.170.87])
>       by geko.domain.tld (Postfix) with SMTP id 9E40A3827C6
>       for <vvv...@domain.tld>; Wed, 18 Sep 2013 08:13:25 +1000 (EST)

Everything below this Received header is fiction.  The EHLO name is
not an FQDN and the IP address does not have matching forward and
reverse addresses.  You could try:

main.cf:
    # Preferred RE map type:
    RE = pcre:${config_directory}/

    # HELO restrictions for remote clients
    smtpd_helo_required = yes
    smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_helo_access ${RE}helo.re

helo.re:
    # Clients with non-fqdn HELO names MUST have working FCrDNS
    /^[^.]*$/   reject_unknown_client_hostname

> Received: (from root@localhost) by mail8.reuters.com (8.11.3/8.11.3)
>       id k6V9OhN71476; Tue, 17 Sep 2013 22:13:50 -0800 (PDT envelope-from root)
> [...]

> is there a script to run through a bunch of emails to analyze some common
> reason..?

Look for common patterns in the first Received headers added by your
MTA.  The rest is up to any spam detecting content filters you may
have.

> smtpd_recipient_restrictions =
>   permit_sasl_authenticated,
>   permit_mynetworks,
>   reject_unauth_destination,
>   check_recipient_access hash:/etc/postfix/recipient_no_checks,

Is your address subject to checks?

>   reject_non_fqdn_sender,
>   reject_non_fqdn_recipient,
>   reject_invalid_hostname,
>   reject_non_fqdn_hostname,

This should have blocked the example message, but did not.  Why?

-- 
    Viktor.
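
An added example, not part of the reply above or of the original thread: one way to look for common patterns in the first Received header stamped by your own MTA across a batch of messages, ignoring every sender-supplied header below it. The function names are hypothetical, the MTA name geko.domain.tld is taken from the quoted header, and the sample messages are constructed (the first is modelled on the quoted one, with the elided "for" clause left out).

```python
import re
from collections import Counter
from email import message_from_string

# Postfix smtpd stamp: from HELO (RDNS [IP]) by MTA (Postfix) ...
RECEIVED_RE = re.compile(r"^from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)")

def first_hop(raw, mta):
    """Return (helo, rdns, ip) from the topmost Received header written by
    our own MTA, or None. Headers below it are sender-supplied and ignored."""
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.match(" ".join(value.split()))  # unfold the header
        if m and m.group(4).lower() == mta.lower():
            return m.group(1), m.group(2), m.group(3)
    return None

def classify(hop):
    """Label a hop with the two properties the reply points at."""
    helo, rdns, _ip = hop
    # Same test as the /^[^.]*$/ pattern in helo.re: no dot means non-FQDN.
    helo_kind = "non-fqdn-helo" if "." not in helo else "fqdn-helo"
    # Postfix writes "unknown" when the client has no verified FCrDNS name.
    rdns_kind = "no-fcrdns" if rdns == "unknown" else "fcrdns-ok"
    return helo_kind, rdns_kind

def summarize(messages, mta):
    """Count (helo_kind, rdns_kind) pairs over a batch of raw messages."""
    hops = (first_hop(raw, mta) for raw in messages)
    return Counter(classify(h) for h in hops if h)

# Constructed sample messages; in practice read them from a Maildir or mbox.
# 192.0.2.25 and mx.example.net are documentation placeholders.
SAMPLES = [
    "Received: from p2p (unknown [124.11.170.87])\n"
    "\tby geko.domain.tld (Postfix) with SMTP id 9E40A3827C6;\n"
    "\tWed, 18 Sep 2013 08:13:25 +1000 (EST)\n"
    "Received: (from root@localhost) by mail8.reuters.com (8.11.3/8.11.3)\n"
    "\tid k6V9OhN71476; Tue, 17 Sep 2013 22:13:50 -0800 (PDT)\n"
    "Subject: sample one\n\nbody\n",
    "Received: from mx.example.net (mx.example.net [192.0.2.25])\n"
    "\tby geko.domain.tld (Postfix) with ESMTP id 0000000000A;\n"
    "\tWed, 18 Sep 2013 09:00:00 +1000 (EST)\n"
    "Subject: sample two\n\nbody\n",
]

if __name__ == "__main__":
    for pattern, count in summarize(SAMPLES, "geko.domain.tld").most_common():
        print(count, *pattern)
```

Messages that land in the non-fqdn-helo / no-fcrdns bucket are the ones the helo.re rule above would reject.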