On Sat, Oct 26, 2013, at 06:21 AM, Noel Jones wrote: > 1. block all *.linkedin.com clients BEFORE any > permit_sasl_authenticated statement. This will also have the effect > of blocking all incoming linkedin mail. That may be a little too > strict for some folks, or maybe just fine with others. > > 2. Use a policy service such as postfwd to reject connections if > {SASL authentication and the client == linkedin}. This will prevent > anyone from sending mail via linkedin, but will still allow the > usual unauthenticated incoming mail. > > > (well, I suppose firewall their IP range is a third choice... That > suffers from the problem of reliably finding their IP range.)
Has anyone confirmed that their proxy IPs reverse resolve to *.linkedin.com? Of course, we'll still wind up playing whack-a-mole if they decide to change them. IP ranges are slightly harder to change, but still not impossible if they want to play that game. Bron. -- Bron Gondwana br...@fastmail.fm