On Fri, Jan 31, 2014 at 11:00 AM, li...@rhsoft.net <li...@rhsoft.net> wrote:
>
> On 31.01.2014 13:41, Larry Stone wrote:
> > On Jan 30, 2014, at 10:21 PM, Noel Jones <njo...@megan.vbhcs.org> wrote:
> >
> >> On 1/30/2014 7:17 PM, li...@sbt.net.au wrote:
> >>> my pre configured Postfix included these helo_access.pcre rejects;
> >>>
> >>> today, I noticed an expected email was bounced by one of the
> >>> pre-configured rules as so:
> >>>
> >>> Jan 31 10:08:01 emu postfix/smtpd[11075]: NOQUEUE: reject: RCPT from
> >>> unknown[59.167.231.218]: 554 5.7.1 <eth6619.nsw.adsl.internode.on.net>:
> >>> Helo command rejected: Go away, bad guy (adsl).; from=<hele...@tld.com.au>
> >>> to=<voy...@tld.net.au> proto=ESMTP
> >>> helo=<eth6619.nsw.adsl.internode.on.net>
> >>>
> >>> host 59.167.231.218
> >>> 218.231.167.59.in-addr.arpa domain name pointer ns3.cipaname.com.
> >>>
> >>> before I contact the sender to tell them "you are misconfigured";
> >>
> >> There are some legit static IP servers with a hostname containing
> >> /adsl/, so you'll need to watch out for false positives. How much of
> >> a problem that is will be site specific.
> >
> > I'll echo what Noel said. And based on your subject, you may have the idea that
> > having (A)DSL service and having a dynamic TCP/IP address are equivalent. They are not!
> > There are a lot of legitimate small business and SOHO servers on static DSL connections
>
> correct
>
> > In many cases, the DSL provider will change the reverse DNS but not always
> > It's the dynamic address hostnames you want to block
>
> i would at least call an ISP questionable which does not change a PTR
> like "eth6619.nsw.adsl.internode.on.net" to "mail.example.com" if
> someone intends to run an MTA on that IP and personally never go
> online with a mailserver having a generic PTR
>
> best practice these days is matching HELO-name/A-Record/PTR
>
> things like dialup/adsl/dsl/dynamic/dyn should not exist in a MTA-PTR

Hi,

Maybe you can implement a filter that allows a white-list of adsl servers...

Whenever a user tells you he is not able to receive an e-mail from this server or that, you can add it to the white-list.

What about that?

Fernando
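
The allow-list-before-reject ordering suggested above can be dry-run against logged rejects before the mail server's rules are changed. The following Python sketch is an added example, not part of the original thread and not Postfix configuration. Its assumptions: the regex is a constructed stand-in for the helo_access.pcre rules (the thread never shows them), the allow-list is keyed by client IP rather than HELO name, and all log lines except the quoted IP and HELO name are constructed.

```python
import re

# Constructed stand-in for the helo_access.pcre rejects (the real file is not shown in the thread).
GENERIC_HELO = re.compile(r"(?:^|[.-])(?:adsl|dsl|dialup|dyn(?:amic)?)\d*(?:[.-]|$)", re.I)

# Allow-list keyed by client IP, not HELO name: the HELO string is chosen by the client.
ALLOWED_CLIENTS = {"59.167.231.218"}  # the static-IP sender from the thread's log line

LOG_RE = re.compile(r"RCPT from \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]:.*\bhelo=<(?P<helo>[^>]*)>")

def decide(client_ip, helo):
    """First match wins: allow-list entries are checked before the generic patterns."""
    if client_ip in ALLOWED_CLIENTS:
        return "OK"
    if GENERIC_HELO.search(helo):
        return "REJECT"
    return "DUNNO"  # no opinion; any later checks still apply

def replay(log_lines):
    """Re-evaluate logged smtpd rejects; returns (ip, helo, decision) per parsed line."""
    results = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            results.append((m["ip"], m["helo"], decide(m["ip"], m["helo"])))
    return results

# Constructed sample lines; the first reuses the client IP and HELO name quoted in the thread.
SAMPLE_LOG = [
    "Jan 31 10:08:01 emu postfix/smtpd[11075]: NOQUEUE: reject: RCPT from unknown[59.167.231.218]: "
    "554 5.7.1 <eth6619.nsw.adsl.internode.on.net>: Helo command rejected: Go away, bad guy (adsl).; "
    "from=<a@example.com> to=<b@example.net> proto=ESMTP helo=<eth6619.nsw.adsl.internode.on.net>",
    "Jan 31 10:09:12 emu postfix/smtpd[11075]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: "
    "554 5.7.1 <dyn-44.dialup.example.net>: Helo command rejected: Go away, bad guy (adsl).; "
    "from=<c@example.com> to=<b@example.net> proto=ESMTP helo=<dyn-44.dialup.example.net>",
    "Jan 31 10:10:30 emu postfix/smtpd[11075]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: "
    "554 5.7.1 <d@example.org>: Relay access denied; "
    "from=<e@example.org> to=<d@example.org> proto=ESMTP helo=<mail.example.org>",
]

if __name__ == "__main__":
    for ip, helo, decision in replay(SAMPLE_LOG):
        print(f"{decision:7} {ip:16} {helo}")
```

Keying the exemption on the connecting IP means a different host that merely announces the same HELO name is still rejected by the generic pattern.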