Hi Matt, thanks for answering.

|  a.. CHKUSER_SENDER_FORMAT: checks if the SENDER of each message has the
| username part matching [a-z0-9_-], and the domain part matching
| [a-z0-9-.] with not consecutive "-.", not leading or ending "-." ==>
| Great for identifying spam.

This really doesn't do much to identify spam.  In fact, the only purpose
it would tend to serve, is to limit the users on your system to
traditional email addresses, which could, ironically, make your system
more easily spammed.
When the SENDER is a local user, I have to agree with what you say.

But when the SENDER is a remote user, specially a spammer, this check
will block all those weird fake addresses the spammers like to use, that's why
I told this feature was good to block spam. Can you comment on this? Would this
case worth to enable this feature?

But now I looking closely to this check I'm recalling some of my customers like to have e-mails of the format: [EMAIL PROTECTED] I't seems that this check would block my usernames with the 'user.lastname' syntax, since it doesn't accept a '.' character in the USER part. Is this customizable? If it's not, this feature does not work even for me!!

|  a.. CHKUSER_RCPT_FORMAT: Equals to the above checking, but for the RCPT
| of each message. Good to prevent your users to send crap to the net.

Same as CHKUSER_SENDER_FORMAT except here, if your users try to relay
mail to a non-traditional email address, you will find yourself with
a phone call from a curious customer :)
Hmmm, oh no!! :-) So I see no utility at all to this feature.

|  a.. CHKUSER_SENDER_MX: Checks if the SENDER domain has a valid MX
| configured for it, thus, discovering fake domain names. Great for
| identifying spam.

Unfortunately, while we'd all love to force everyone to have an
MX record, the fact remains that some hosts just dont have them.
Connecting directly to the host named should be left available,
for now.
I didn't understand what you said in "Connecting directly to the host named should be left available, for now".
Can you explain it better?

Also, being dictionary attacked could leave you making a good
deal of DNS lookups, which can sometimes be slow.

I'm seeing there are some good reasons for these features being commented out...


Reply via email to