Re: Request for feedback on SMTPD restrictions

2018-01-28 Thread Matus UHLAR - fantomas
https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre check_client_access hash:/etc/postfix/whitelist check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre On Sun, January 28, 2018 7:00 am, Noel Jones wrote: So generally, you can put it anywhere after

Re: Request for feedback on SMTPD restrictions

2018-01-28 Thread Voytek
On Sun, January 28, 2018 7:00 am, Noel Jones wrote: >>> https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre >> check_client_access hash:/etc/postfix/whitelist >> check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre > So generally, you can put it anywhere after >

Re: Request for feedback on SMTPD restrictions

2018-01-27 Thread Noel Jones
On 1/26/2018 11:47 PM, Voytek wrote: > On Wed, January 24, 2018 3:55 am, Noel Jones wrote: > >> There is no simple regexp, but there is the fqrdns.pcre project. The >> project is a large hand-maintained list of dynamic hostnames with a goal of >> zero false positives. It's not perfect, but it's

Re: Request for feedback on SMTPD restrictions

2018-01-26 Thread Voytek
On Wed, January 24, 2018 3:55 am, Noel Jones wrote: > There is no simple regexp, but there is the fqrdns.pcre project. The > project is a large hand-maintained list of dynamic hostnames with a goal of > zero false positives. It's not perfect, but it's useful and safe for > general use. > >

Re: Request for feedback on SMTPD restrictions

2018-01-25 Thread Matus UHLAR - fantomas
smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access hash:/etc/postfix/helo_acl, reject_unknown_helo_hostname, permit On Jan 22, 2018, at 8:43 AM,

Re: Request for feedback on SMTPD restrictions

2018-01-23 Thread Dominic Raferd
On 23 January 2018 at 16:55, Noel Jones wrote: > On 1/23/2018 1:06 AM, Dominic Raferd wrote: >> On 23 January 2018 at 04:20, Noel Jones > > wrote: >> >> Strong spam indicators for the HELO are >> (note: this

Re: Request for feedback on SMTPD restrictions

2018-01-23 Thread Andrew Sullivan
On Tue, Jan 23, 2018 at 11:51:37AM -0500, Bill Cole wrote: > > There is imprecise language in RFC1035 (1987) implying that there should be > only one PTR per IP but it depends on the idea of a "primary host name" for > an IP, which is not universally meaningful or useful as a naming concept. We

Re: Request for feedback on SMTPD restrictions

2018-01-23 Thread Noel Jones
On 1/23/2018 1:06 AM, Dominic Raferd wrote: > On 23 January 2018 at 04:20, Noel Jones > wrote: > > Strong spam indicators for the HELO are > (note: this is for mail coming from the internet. Authenticated > submission mail or

Re: Request for feedback on SMTPD restrictions

2018-01-23 Thread Bill Cole
On 22 Jan 2018, at 22:31 (-0500), li...@lazygranch.com wrote: So if I do a reverse DNS lookup on some IP addresses, I will get multiple domains? Yes, as long as you use a DNS resolution tool and not a client of the abstracted name resolver of your OS (which may use a complex federation of

Re: Request for feedback on SMTPD restrictions

2018-01-23 Thread Dominic Raferd
On 23 January 2018 at 16:12, Andrew Sullivan wrote: > On Tue, Jan 23, 2018 at 10:50:24AM -0500, Kris Deugau wrote: >> >> There is no One True Standard, and even within the more common conventions >> there are quite a few variations. > > And even if people came up with a

Re: Request for feedback on SMTPD restrictions

2018-01-23 Thread Andrew Sullivan
On Tue, Jan 23, 2018 at 10:50:24AM -0500, Kris Deugau wrote: > > There is no One True Standard, and even within the more common conventions > there are quite a few variations. And even if people came up with a standard, the operator could lie. After all, it's just DNS. There are no DNS Police

Re: Request for feedback on SMTPD restrictions

2018-01-23 Thread Kris Deugau
Dominic Raferd wrote: Is there a method (regex?) for reliably identifying dynamic ip addresses? Short answer: No. If you really insist on going down that rabbit hole, look up the RDNS_DYNAMIC rule from Apache SpamAssassin. It's an aggregation of 25 provider-specific probably-dynamic rDNS

Re: Request for feedback on SMTPD restrictions

2018-01-23 Thread Petri Riihikallio
Dominic Raferd wrote on 23.01.2018 at 9:06: > > Is there a method (regex?) for reliably identifying dynamic ip addresses? > Take for instance 199-127-103-235.static.avestadns.com - it looks dynamic to > me but it says it is static. Is it best/safest to rely on

Re: Request for feedback on SMTPD restrictions

2018-01-22 Thread Dominic Raferd
On 23 January 2018 at 04:20, Noel Jones wrote: > Strong spam indicators for the HELO are > (note: this is for mail coming from the internet. Authenticated > submission mail or legit mail from devices on your network might > break any of these) > - a dynamic hostname (eg.

Re: Request for feedback on SMTPD restrictions

2018-01-22 Thread Noel Jones
On 1/22/2018 8:36 PM, J Doe wrote: >>> smtpd_helo_required = yes >>> smtpd_helo_restrictions = permit_mynetworks, >>>reject_unauth_pipelining, >>>reject_invalid_helo_hostname, >>>reject_non_fqdn_helo_hostname, >>>check_helo_access hash:/etc/postfix/helo_acl, >>>

Re: Request for feedback on SMTPD restrictions

2018-01-22 Thread li...@lazygranch.com
Replies in the middle of the email for clarity. On Mon, 22 Jan 2018 17:18:42 -0500 "Bill Cole" wrote: > On 21 Jan 2018, at 20:44 (-0500), li...@lazygranch.com wrote: > > > The reverse DNS can only point to one domain > > name. > > Not so. Multiple

Re: Request for feedback on SMTPD restrictions

2018-01-22 Thread J Doe
Hi, > On Jan 22, 2018, at 8:43 AM, Matus UHLAR - fantomas wrote: > >> smtpd_helo_required = yes >> smtpd_helo_restrictions = permit_mynetworks, >>reject_unauth_pipelining, >> reject_invalid_helo_hostname, >>reject_non_fqdn_helo_hostname, >>check_helo_access

Re: Request for feedback on SMTPD restrictions

2018-01-22 Thread J Doe
Hi Noel, > On Jan 21, 2018, at 3:35 PM, Noel Jones >> smtpd_client_restrictions = permit_mynetworks, >>reject_unauth_pipelining, >>check_client_access hash:/etc/postfix/client_acl, >>reject_unknown_client_hostname, >>permit > >

Re: Request for feedback on SMTPD restrictions

2018-01-22 Thread Bill Cole
On 21 Jan 2018, at 20:44 (-0500), li...@lazygranch.com wrote: The reverse DNS can only point to one domain name. Not so. Multiple PTR records for one address may violate some people's expectations, but it's not wrong if the address doesn't really have a public name that is more "real" than

Re: Request for feedback on SMTPD restrictions

2018-01-22 Thread Matus UHLAR - fantomas
On 21.01.18 00:56, J Doe wrote: I have a basic SMTP server set up with what I believe to be good smtpd_*_ restrictions, but I was wondering if anyone could provide any insight on how to improve them or if I have been redundant in the restrictions. Even with reading the man pages, I find some of

Re: Request for feedback on SMTPD restrictions

2018-01-21 Thread li...@lazygranch.com
On Sun, 21 Jan 2018 14:35:42 -0600 Noel Jones wrote: > On 1/20/2018 11:56 PM, J Doe wrote: > > Hi, > > > > I have a basic SMTP server set up with what I believe to be good > > smtpd_*_ restrictions, but I was wondering if anyone could provide > > any insight on how to

Re: Request for feedback on SMTPD restrictions

2018-01-21 Thread Noel Jones
On 1/20/2018 11:56 PM, J Doe wrote: > Hi, > > I have a basic SMTP server set up with what I believe to be good smtpd_*_ > restrictions, but I was wondering if anyone could provide any insight on how > to improve them or if I have been redundant in the restrictions. Even with > reading the man

Request for feedback on SMTPD restrictions

2018-01-20 Thread J Doe
Hi, I have a basic SMTP server set up with what I believe to be good smtpd_*_ restrictions, but I was wondering if anyone could provide any insight on how to improve them or if I have been redundant in the restrictions. Even with reading the man pages, I find some of the restrictions tricky.