294595Re: Three trivial filtering questions
- Aug 5, 2013In message <51FF2563.1070708@...>,
Stan Hoeppner <stan@...> wrote:
>> If not maybe a new restrictionDid I say I was having a problem?
>> verb would be useful to perform this exact check.
>Maybe you should explain why you're having a problem rejecting spamware
>that HELO's with an IP literal.
There's a difference between "Yea, I could probably spend half an afternoon
hacking up something external that will perform this parcticular check" and
"There's an already-built-in Postfix verb for that."
The latter appeals to my maximally lazy self, but the former doesn't
quite rise to the level of something that I would characterize as
>If rejecting based on a HELO string isLast, first, does the order make any difference in the end?
>your last line of defense you're in trouble Ron.
>Surely a spamfighterHELO is _very_ informative.
>of your experience isn't pinning his hopes on HELO. ;)
In the first hour after I re-jiggered my main.cf today, I could already
see spammers trying to HELO with [A.B.C.D]. In contrast to that, I
personally am not aware at the present time of any serious mail server
that I care to receive mail from that HELOs with the [A.B.C.D] style...
even if the RFC does allow it (which we both know it does).
(At some point, everyone running a mail server realizes that the old
admonition to "be liberal in what you accept" has already gone the
way of the dinoasaur some time ago.)
>If your IP literal HELO problem is indeed bot ware, then usingI don't have any data to tell me what they are, exactly, just yet, and
>Postscreen will stop these clients, before they have a chance to HELO.
actually, I don't even mind if they HELO. I'd just like the simplest
and quickest thing to reject based on HELO with bracketed IP address,
and I'm not real eager to work on setting up postscreen today. But
thanks for the suggestion.
If I can't reject on bracketed IP in HELO/EHLO then at least I would
have expected Postfix to provide some verb which would have the effect
of at least making sure the bracketed IP is correct. Oh well. :-(
>> I am not using postscreen at the present time.OK, good.
>> Do I need to use that if I want to perform RHSBL checks?
>No, they are independent of one another.
>But if you want to easily stopWhy?
>bots Postscreen is the way to go.
The combination of 6 or so of the best RBLs, together with SURBL, URIBL,
and Spamhaus DBL seem to be taking care of pretty much everything as of
now, bot or otherwise. So who am I to argue with success?
>With your current setup and described problem you could simply remarkGood point! I think 'll try that. Thanks!
>all of your reject_rbl_client statements temporarily and see if your
>reject_rhsbl_* statements catch anything.
- << Previous post in topic Next post in topic >>