On Fri, 13 May 2016, Joe Quinn wrote:

SA uses IP-in-name as a machine-decidable definition of a dynamic IP, since you can't really automate it otherwise. This heuristic holds in the vast majority of cases, and is effective against a huge class of spam that comes from public ISPs who don't block port 25.


It fails in this case, so a fix should be implemented if possible.

An ISP's customers are generally going to have hosts like ipXXX-XXX-XXX-XXX.city.region.isp.net, and the name includes their IP because simply being an IP address is that host's purpose. That same ISP's mail servers are going to have hostnames like mail-15.isp.net. It's more specific because the list of mail servers is far smaller than the list of IPs, and this is the 15th of them.

The solution is to give your mail servers better hostnames that clue into the narrower scope of their purpose.


This is NOT a practical solution. You can't expect administrators to know about this problem, some styles of hostnames not playing well with SA.

A possible remedy for this specific case would be to add a check if the hostname also contains the strings "webmail[-.]" or "mail[.-]". This fixes this specific case, and possibly other cases. Does anyone know about any hostnames with such a string in them that aren't mail servers?

--
Kim Roar Foldøy Hauge
Event:Presse - The Gathering 2016
webmas...@samfunnet.no
Root@HC,HX,JH,LZ,OT,P,VH
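
The check proposed in the message above, sketched as an added example (not SpamAssassin's rule code and not code posted in the thread): a simplified IP-in-name test with the "webmail[-.]" / "mail[.-]" exemption applied on top. The function names are hypothetical and the hostnames are constructed, using documentation address ranges.

```python
import re

# Exemption proposed in the message: name contains "webmail[-.]" or "mail[.-]".
# Unanchored substring match, so "mail[.-]" alone already covers "webmail-".
MAIL_HINT = re.compile(r"webmail[-.]|mail[.-]", re.IGNORECASE)

# Constructed (rDNS name, connecting IP) pairs using documentation ranges.
SAMPLES = [
    ("ip192-0-2-15.city.region.isp.example", "192.0.2.15"),   # customer line
    ("15.2.0.192.dsl.isp.example", "192.0.2.15"),             # reversed octets
    ("mail-15.isp.example", "198.51.100.15"),                 # no IP in name
    ("192-0-2-80.webmail.hosting.example", "192.0.2.80"),     # IP-named mail host
    ("192-0-2-77.airmail.isp.example", "192.0.2.77"),         # label ends in "mail"
]


def ip_in_name(rdns: str, ip: str) -> bool:
    """Simplified IP-in-name test: the four IPv4 octets appear in the name,
    forward or reversed, joined by '.' or '-', not touching other digits."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() for o in octets):
        return False
    for order in (octets, octets[::-1]):
        body = "[.-]".join(order)
        if re.search(r"(?<!\d)" + body + r"(?!\d)", rdns):
            return True
    return False


def looks_dynamic(rdns: str, ip: str, exempt_mail_names: bool = True) -> bool:
    """IP-in-name verdict, optionally skipping names that carry a mail hint."""
    if not ip_in_name(rdns, ip):
        return False
    return not (exempt_mail_names and MAIL_HINT.search(rdns))


def compare(samples=SAMPLES):
    """Return {name: (verdict without exemption, verdict with exemption)}."""
    return {
        name: (looks_dynamic(name, ip, False), looks_dynamic(name, ip, True))
        for name, ip in samples
    }


if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:40} before={before!s:5} after={after}")
```

Because the match is a substring test, the last sample is exempted as well, which is the kind of hostname the closing question in the message asks about.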
