On Sat, Oct 26, 2013, at 06:21 AM, Noel Jones wrote:
> 1. block all *.linkedin.com clients BEFORE any
> permit_sasl_authenticated statement. This will also have the effect
> of blocking all incoming linkedin mail. That may be a little too
> strict for some folks, or maybe just fine with others.
>
> 2. Use a policy service such as postfwd to reject connections if
> {SASL authentication and the client == linkedin}. This will prevent
> anyone from sending mail via linkedin, but will still allow the
> usual unauthenticated incoming mail.
>
>
> (well, I suppose firewall their IP range is a third choice... That
> suffers from the problem of reliably finding their IP range.)
Has anyone confirmed that their proxy IPs reverse resolve to *.linkedin.com?
Of course, we'll still wind up playing whack-a-mole if they decide to change
them. IP ranges are slightly harder to change, but still not impossible if
they want to play that game.
Bron.
--
Bron Gondwana
br...@fastmail.fm
