Re: 'reject_non_fqdn_helo_hostname' not working?!

2013-06-08 Thread Stan Hoeppner
Nikolas, please do not reply off-list.  Always reply to the list unless
there is a good reason not to (such as a shouting argument with another
user, a thread drifts wildly off topic, you are asked to, etc).

On 6/7/2013 11:20 PM, Nikolas Kallis wrote:
 On 08/06/13 14:09, Stan Hoeppner wrote:
 On 6/7/2013 10:50 PM, Nikolas Kallis wrote:

 Also, thanks for the information about
 'reject_unknown_reverse_client_hostname'. I can't tolerate accidentally
 rejecting spam. I have recently learnt that a PTR record is not a DNS
 requirement, and as so, will receive mail from clients that do not have
 a PTR record setup for their host.

 This is a mistake.  RFC may not, but SMTP BCP requires rDNS.  You'll see
 why before too long.

 No, it's not a mistake. Read RFC 2821 and you'll see it makes no
 reference for a host needing a valid PTR record. RFC 1035 (domain name
 system) doesn't either.

As you gain experience running a mail server, and gain knowledge from
this list, you will realize that while RFCs guide the development of the
internet and set standards, they are not the only standards, and/or
sometimes they fall short of what is needed in the real world.

You will find that there are things widely implemented due to Best
Current Practices that are not mentioned as SHOULD or MUST in RFCs.

-- 
Stan



Re: 'reject_non_fqdn_helo_hostname' not working?!

2013-06-08 Thread Nikolas Kallis

On 08/06/13 17:49, Stan Hoeppner wrote:

Nikolas, please do not reply off-list.  Always reply to the list unless
there is a good reason not to (such as a shouting argument with another
user, a thread drifts wildly off topic, you are asked to, etc).

On 6/7/2013 11:20 PM, Nikolas Kallis wrote:

On 08/06/13 14:09, Stan Hoeppner wrote:

On 6/7/2013 10:50 PM, Nikolas Kallis wrote:


Also, thanks for the information about
'reject_unknown_reverse_client_hostname'. I can't tolerate accidentally
rejecting spam. I have recently learnt that a PTR record is not a DNS
requirement, and as so, will receive mail from clients that do not have
a PTR record setup for their host.


This is a mistake.  RFC may not, but SMTP BCP requires rDNS.  You'll see
why before too long.


No, it's not a mistake. Read RFC 2821 and you'll see it makes no
reference for a host needing a valid PTR record. RFC 1035 (domain name
system) doesn't either.


As you gain experience running a mail server, and gain knowledge from
this list, you will realize that while RFCs guide the development of the
internet and set standards, they are not the only standards, and/or
sometimes they fall short of what is needed in the real world.

You will find that there are things widely implemented due to Best
Current Practices that are not mentioned as SHOULD or MUST in RFCs.

I have been replying to the e-mail addresses in the reply-to only. I think
Postfix's Majordomo has an issue. I noticed it was acting a bit funny in
regards to this myself yesterday, but haven't had time to get around to
bringing it up.


Following the RFC is the only way of maintaining standards. I am aware
RFC 2821 is out of date in modern times, but it's no excuse for lapsing
on professionalism and going off doing your own thing - I mean, you can, 
but it just creates problems.


Re: 'reject_non_fqdn_helo_hostname' not working?!

2013-06-07 Thread Mark Goodge

On 07/06/2013 14:06, Nikolas Kallis wrote:

Hello,



I just got an unsolicited e-mail from the domain 'bbbmail.com', which is
hosted at '46.235.78.1'.

'46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com'
is not a FQDN.


'bbbmail.com' is a fully qualified domain name. That is completely 
irrelevant to the question of whether the source IP address resolves to 
a host name.


Mark
--
My blog: http://mark.goodge.co.uk


Re: 'reject_non_fqdn_helo_hostname' not working?!

2013-06-07 Thread Erwan David

On 07/06/2013 15:11, Mark Goodge wrote:

On 07/06/2013 14:06, Nikolas Kallis wrote:

Hello,



I just got an unsolicited e-mail from the domain 'bbbmail.com', which is
hosted at '46.235.78.1'.

'46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com'
is not a FQDN.


'bbbmail.com' is a fully qualified domain name. That is completely 
irrelevant to the question of whether the source IP address resolves 
to a host name.


Mark
And the fact that the mail is from a specific domain is not linked to 
the name used in the HELO/EHLO command.

I personally only filter out when my own server name is used as the HELO name.


Re: 'reject_non_fqdn_helo_hostname' not working?!

2013-06-07 Thread Nikolas Kallis

On 07/06/13 23:11, Mark Goodge wrote:

On 07/06/2013 14:06, Nikolas Kallis wrote:

Hello,



I just got an unsolicited e-mail from the domain 'bbbmail.com', which is
hosted at '46.235.78.1'.

'46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com'
is not a FQDN.


'bbbmail.com' is a fully qualified domain name. That is completely
irrelevant to the question of whether the source IP address resolves to
a host name.

Mark


I thought for a domain to be fully qualified, it must have a PTR record 
setup for it?


Re: 'reject_non_fqdn_helo_hostname' not working?!

2013-06-07 Thread Ron Scott-Adams
Not at all. asgljgsglhg.aergohgergearguaoreg.gaegergheagaerhgaerhgopaeg is just 
as much an FQDN as mail.google.com.


Ron Scott-Adams
r...@tohuw.net
Soap and education are not as sudden as a massacre, but they are more deadly 
in the long run. (Mark Twain)







On Jun 7, 2013, at 09:16 , Nikolas Kallis n...@nikolaskallis.com wrote:

 On 07/06/13 23:11, Mark Goodge wrote:
 On 07/06/2013 14:06, Nikolas Kallis wrote:
 Hello,
 
 
 
 I just got an unsolicited e-mail from the domain 'bbbmail.com', which is
 hosted at '46.235.78.1'.
 
 '46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com'
 is not a FQDN.
 
 'bbbmail.com' is a fully qualified domain name. That is completely
 irrelevant to the question of whether the source IP address resolves to
 a host name.
 
 Mark
 
 I thought for a domain to be fully qualified, it must have a PTR record setup 
 for it?



Re: 'reject_non_fqdn_helo_hostname' not working?!

2013-06-07 Thread Mark Goodge

On 07/06/2013 14:16, Nikolas Kallis wrote:

On 07/06/13 23:11, Mark Goodge wrote:

On 07/06/2013 14:06, Nikolas Kallis wrote:

Hello,



I just got an unsolicited e-mail from the domain 'bbbmail.com', which is
hosted at '46.235.78.1'.

'46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com'
is not a FQDN.


'bbbmail.com' is a fully qualified domain name. That is completely
irrelevant to the question of whether the source IP address resolves to
a host name.

Mark


I thought for a domain to be fully qualified, it must have a PTR record
setup for it?


No, not at all. There are many FQDNs which don't have PTR records, and 
there is no requirement for a 1:1 correspondence between FQDNs, IP
addresses, A records and PTR records.


Mark
--
My blog: http://mark.goodge.co.uk


Re: 'reject_non_fqdn_helo_hostname' not working?!

2013-06-07 Thread Timo Röhling

On 2013-06-07 15:16, Nikolas Kallis wrote:

I thought for a domain to be fully qualified, it must have a PTR
record setup for it?
No, fully qualified means that all domain name components up to the top 
level domain are specified.


While you can generally expect that fully qualified domain names end 
with a known TLD like .com or .net, it may legally refer to a not 
(yet) existing domain, such as foobar.asdf




Re: 'reject_non_fqdn_helo_hostname' not working?!

2013-06-07 Thread Nikolas Kallis

On 07/06/13 23:29, Mark Goodge wrote:

On 07/06/2013 14:16, Nikolas Kallis wrote:

On 07/06/13 23:11, Mark Goodge wrote:

On 07/06/2013 14:06, Nikolas Kallis wrote:

Hello,



I just got an unsolicited e-mail from the domain 'bbbmail.com',
which is
hosted at '46.235.78.1'.

'46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com'
is not a FQDN.


'bbbmail.com' is a fully qualified domain name. That is completely
irrelevant to the question of whether the source IP address resolves to
a host name.

Mark


I thought for a domain to be fully qualified, it must have a PTR record
setup for it?


No, not at all. There are many FQDNs which don't have PTR records, and
there is no requirement for a 1:1 correspondence between FQDNs, IP
addresses, A records and PTR records.

Mark


You are right. Up until a couple of hours ago I believed what you said 
was true, but a couple of hours ago something led me to believe 
different. Thanks for the clarification.


Re: 'reject_non_fqdn_helo_hostname' not working?!

2013-06-07 Thread Stan Hoeppner
On 6/7/2013 8:06 AM, Nikolas Kallis wrote:
 Hello,
 
 
 
 I just got an unsolicited e-mail from the domain 'bbbmail.com', which is
 hosted at '46.235.78.1'.
 
 '46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com'
 is not a FQDN.

$ host 46.235.78.1
Host 1.78.235.46.in-addr.arpa. not found: 3(NXDOMAIN)

reject_unknown_reverse_client_hostname triggers on NXDOMAIN.  This has
nothing to do with HELO, but a reverse lookup of the client IP address.

 I have 'reject_non_fqdn_helo_hostname' enabled; how did this unsolicited
 e-mail get through?

One, see above.  Two, because reject_non_fqdn_helo_hostname does not
trigger on NXDOMAIN.

Using reject_unknown_reverse_client_hostname would have rejected this
spam connection with a 450.  See:

http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname

-- 
Stan
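
The distinction drawn in this thread, as an added example that is not part of any poster's message and is not Postfix's own code: a simplified Python model of what each restriction looks at. reject_non_fqdn_helo_hostname is modelled as a syntax test on the HELO string, and reject_unknown_reverse_client_hostname as a PTR lookup on the client IP. The DNS table is constructed so it runs offline, and the HELO name is an assumption because the thread never states what the client sent.

```python
import ipaddress
import re

# Constructed stand-in for DNS. The NXDOMAIN entry mirrors the
# `host 46.235.78.1` output quoted in the thread; the second entry is a
# made-up documentation address with a PTR record.
PTR_TABLE = {
    "1.78.235.46.in-addr.arpa": None,              # NXDOMAIN
    "10.2.0.192.in-addr.arpa": "mail.example.org",
}

_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def helo_is_fqdn_form(helo: str) -> bool:
    """Syntax only: an address literal or a dotted name. No DNS is consulted."""
    if helo.startswith("[") and helo.endswith("]"):
        literal = helo[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            ipaddress.ip_address(literal)
            return True
        except ValueError:
            return False
    name = helo[:-1] if helo.endswith(".") else helo
    labels = name.split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)


def client_has_ptr(client_ip: str, ptr_table=PTR_TABLE) -> bool:
    """Reverse lookup of the connecting IP; the HELO string plays no part."""
    rname = ipaddress.ip_address(client_ip).reverse_pointer
    return ptr_table.get(rname) is not None


def evaluate(client_ip: str, helo: str) -> dict:
    """Which of the two restrictions would reject this session (True = reject)."""
    return {
        "reject_non_fqdn_helo_hostname": not helo_is_fqdn_form(helo),
        "reject_unknown_reverse_client_hostname": not client_has_ptr(client_ip),
    }


if __name__ == "__main__":
    # Assumed HELO name for the session discussed in the thread.
    print(evaluate("46.235.78.1", "bbbmail.com"))
    print(evaluate("192.0.2.10", "localhost"))
```
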