On 1/31/2014 7:00 AM, li...@rhsoft.net wrote:
> 
> 
> On 31.01.2014 13:41, Larry Stone wrote:
>> On Jan 30, 2014, at 10:21 PM, Noel Jones <njo...@megan.vbhcs.org> wrote:
>>
>>> On 1/30/2014 7:17 PM, li...@sbt.net.au wrote:
>>>> my pre configured Postfix included these helo_access.pcre rejects;
>>>>
>>>> today, I noticed an expected email was bounced by one of the
>>>> pre-configured rules as so:
>>>>
>>>> Jan 31 10:08:01 emu postfix/smtpd[11075]: NOQUEUE: reject: RCPT from
>>>> unknown[59.167.231.218]: 554 5.7.1 <eth6619.nsw.adsl.internode.on.net>:
>>>> Helo command rejected: Go away, bad guy (adsl).; from=<hele...@tld.com.au>
>>>> to=<voy...@tld.net.au> proto=ESMTP
>>>> helo=<eth6619.nsw.adsl.internode.on.net>
>>>>
>>>> host 59.167.231.218
>>>> 218.231.167.59.in-addr.arpa domain name pointer ns3.cipaname.com.
>>>>
>>>> before I contact the sender to tell them "you are misconfigured";
>>>
>>> There are some legit static IP servers with a hostname containing
>>> /adsl/, so you'll need to watch out for false positives. How much of
>>> a problem that is will be site specific.
>>
>> I’ll echo what Noel said. And based on your subject, you may have the idea
>> that having (A)DSL service and having a dynamic TCP/IP address are
>> equivalent. They are not!
>> There are a lot of legitimate small business and SOHO servers on static DSL
>> connections
> 
> correct
> 
>> In many cases, the DSL provider will change the reverse DNS but not always
>> It's the dynamic address hostnames you want to block
> 
> i would at least call an ISP questionable which does not change a PTR
> like "eth6619.nsw.adsl.internode.on.net" to "mail.example.com" if
> someone intends to run an MTA on that IP and personally never go
> online with a mailserver having a generic PTR

But in this instance, the PTR is ns3.cipaname.com, which has no A
record. There's no A record for cipaname.com either, but the domain
does exist.  Here, the client used the HELO name of
eth6619.nsw.adsl.internode.on.net, which has an A record pointing to
the same client.  This setup looks really sloppy, but apparently is
a legit server (for some value of legit).

Most spammers that use their own servers these days are more
competent, with FCrDNS, SPF, and DKIM.


> 
> best practice these days is matching HELO-name/A-Record/PTR

Yes.

> things like dialup/adsl/dsl/dynamic/dyn should not exist in an MTA-PTR

Some folks have no choice of ISP, and their only ISP doesn't offer
custom PTR (but that's not the case here).  At any rate, those
strings shouldn't appear in the HELO, which is completely under the
user's control.



  -- Noel Jones
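
The checks discussed in this thread (FCrDNS, HELO/A/PTR agreement, generic strings in HELO versus PTR), as an added example that is not part of the original messages or of anyone's Postfix configuration. The DNS tables are a constructed offline snapshot of the records described above; the `GENERIC` pattern, the function names and the `192.0.2.25` / `mail.example.com` entry are assumptions made for illustration.

```python
import re

# Constructed DNS snapshot (stands in for live lookups so this runs offline).
# First entries mirror the thread; 192.0.2.25 is a made-up well-configured host.
PTR = {
    "59.167.231.218": ["ns3.cipaname.com."],
    "192.0.2.25": ["mail.example.com."],
}
A = {
    # ns3.cipaname.com deliberately absent: the thread says it has no A record.
    "eth6619.nsw.adsl.internode.on.net": ["59.167.231.218"],
    "mail.example.com": ["192.0.2.25"],
}

# Assumed pattern built from the strings named in the thread; the real
# helo_access.pcre contents are not shown there.
GENERIC = re.compile(r"(^|[.\-\d])(dialup|adsl|dsl|dynamic|dyn)([.\-\d]|$)", re.I)


def norm(name):
    """Lower-case a hostname and drop the trailing root dot."""
    return name.rstrip(".").lower()


def fcrdns(ip, ptr=PTR, a=A):
    """Return the PTR names of ip whose A records point back to ip."""
    return [n for n in map(norm, ptr.get(ip, [])) if ip in a.get(n, [])]


def assess(ip, helo, ptr=PTR, a=A):
    """Evaluate one SMTP client against the checks named in the thread."""
    helo = norm(helo)
    confirmed = fcrdns(ip, ptr, a)
    return {
        "fcrdns": bool(confirmed),
        "helo_resolves_to_client": ip in a.get(helo, []),
        "helo_matches_ptr": helo in confirmed,
        "generic_helo": bool(GENERIC.search(helo)),
        "generic_ptr": any(GENERIC.search(norm(n)) for n in ptr.get(ip, [])),
    }


if __name__ == "__main__":
    print(assess("59.167.231.218", "eth6619.nsw.adsl.internode.on.net"))
    print(assess("192.0.2.25", "mail.example.com"))
```

For the rejected client, the HELO name is the only generic-looking value and also the only name that resolves back to the client, which is why a HELO-pattern rule fires while a PTR-based rule would not.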
