On 8/4/2013 8:06 PM, Ronald F. Guilmette wrote: > Does reject_non_fqdn_helo_hostname, when placed in the > smtpd_helo_restrictions, permit clients to HELO/EHLO > with a square-bracket enclosed dotted quad IPv4 address?
Yes. > > If so, is the dotted quad checked to see that it properly > represents the actual IP address of the actual current client? No. > > Also, I have just added all of the following to my > smtpd_recipient_restrictions: > > reject_rhsbl_reverse_client multi.surbl.org > reject_rhsbl_reverse_client multi.uribl.com > reject_rhsbl_reverse_client dbl.spamhaus.org > reject_rhsbl_sender multi.surbl.org > reject_rhsbl_sender multi.uribl.com > reject_rhsbl_sender dbl.spamhaus.org > reject_rhsbl_helo multi.surbl.org > reject_rhsbl_helo multi.uribl.com > reject_rhsbl_helo dbl.spamhaus.org > > For the time being, and mostly just to see how effective these filters > are on their own, I have these listed in my smtpd_recipient_restrictions > *prior to* several subsequent reject_rbl_client clauses. Oddly however, > in spite of the ordering, it is appearing to me as if perhaps the above > RHS filters are either not actually being applied or else are being applied > _after_ the subsequent reject_rbl_client filters. Certainly, some spam > that I believe should have been rejected on the basis of one or another > of the above RHS filters I am instead seeing (in my maillog file) being > rejected instead by one or another of the subsequent reject_rbl_client > filters. What could I be doing wrong? Doing RBL client checks in postscreen? -- Noel Jones
