294595 Re: Three trivial filtering questions

  • Ronald F. Guilmette
    Aug 5, 2013
      In message <51FF2563.1070708@...>,
      Stan Hoeppner <stan@...> wrote:

      >> If not maybe a new restriction
      >> verb would be useful to perform this exact check.
      >Maybe you should explain why you're having a problem rejecting spamware
      >that HELO's with an IP literal.

      Did I say I was having a problem?

      There's a difference between "Yea, I could probably spend half an afternoon
      hacking up something external that will perform this particular check" and
      "There's an already-built-in Postfix verb for that."

      The latter appeals to my maximally lazy self, but the former doesn't
      quite rise to the level of something that I would characterize as
      "a problem".

      >If rejecting based on a HELO string is
      >your last line of defense you're in trouble Ron.

      Last, first, does the order make any difference in the end?

      >Surely a spamfighter
      >of your experience isn't pinning his hopes on HELO. ;)

      HELO is _very_ informative.

      In the first hour after I re-jiggered my main.cf today, I could already
      see spammers trying to HELO with [A.B.C.D]. In contrast to that, I
      personally am not aware at the present time of any serious mail server
      that I care to receive mail from that HELOs with the [A.B.C.D] style...
      even if the RFC does allow it (which we both know it does).

      (At some point, everyone running a mail server realizes that the old
      admonition to "be liberal in what you accept" has already gone the
      way of the dinosaur some time ago.)

      >If your IP literal HELO problem is indeed bot ware, then using
      >Postscreen will stop these clients, before they have a chance to HELO.

      I don't have any data to tell me what they are, exactly, just yet, and
      actually, I don't even mind if they HELO. I'd just like the simplest
      and quickest thing to reject based on HELO with bracketed IP address,
      and I'm not real eager to work on setting up postscreen today. But
      thanks for the suggestion.

      If I can't reject on bracketed IP in HELO/EHLO then at least I would
      have expected Postfix to provide some verb which would have the effect
      of at least making sure the bracketed IP is correct. Oh well. :-(

      >> I am not using postscreen at the present time.
      >> Do I need to use that if I want to perform RHSBL checks?
      >No, they are independent of one another.

      OK, good.

      >But if you want to easily stop
      >bots Postscreen is the way to go.


      The combination of 6 or so of the best RBLs, together with SURBL, URIBL,
      and Spamhaus DBL seem to be taking care of pretty much everything as of
      now, bot or otherwise. So who am I to argue with success?

      >With your current setup and described problem you could simply remark
      >all of your reject_rbl_client statements temporarily and see if your
      >reject_rhsbl_* statements catch anything.

      Good point! I think I'll try that. Thanks!

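The "something external" mentioned in the message above could take the form of a small Postfix policy delegate. The sketch below is an added example, not code from the thread or from Postfix: it reads the `helo_name` and `client_address` attributes of a policy request and rejects a bracketed HELO literal that is malformed or does not match the connecting address. The `reject_all_literals` switch, the reply texts and the sample request are assumptions made for illustration.

```python
import ipaddress
import sys

# Constructed sample request (documentation addresses, not from the thread).
SAMPLE_REQUEST = [
    "request=smtpd_access_policy\n",
    "helo_name=[192.0.2.10]\n",
    "client_address=198.51.100.7\n",
    "\n",
]

def parse_request(lines):
    """Read name=value attributes up to the blank line that ends a request."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def decide(attrs, reject_all_literals=False):
    """Return the Postfix action for one request (hypothetical policy)."""
    helo = attrs.get("helo_name", "")
    if not (helo.startswith("[") and helo.endswith("]")):
        return "DUNNO"                      # not a literal: leave to other rules
    if reject_all_literals:
        return "REJECT address literal in HELO not accepted"
    inner = helo[1:-1]
    if inner[:5].lower() == "ipv6:":        # RFC 5321 form [IPv6:2001:db8::1]
        inner = inner[5:]
    try:
        claimed = ipaddress.ip_address(inner)
    except ValueError:
        return "REJECT malformed address literal in HELO"
    try:
        actual = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "DUNNO"                      # no usable client address to compare
    if claimed != actual:
        return "REJECT HELO address literal does not match client address"
    return "DUNNO"

if __name__ == "__main__":
    while True:                             # one process serves many requests
        request = parse_request(sys.stdin)
        if not request:
            break
        sys.stdout.write("action=%s\n\n" % decide(request))
        sys.stdout.flush()
```

A script like this is normally started by the Postfix `spawn` service and referenced with `check_policy_service` in `smtpd_helo_restrictions`; the service name and socket path are site-specific choices.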