On 13.09.2014 at 15:10, LuKreme wrote:
> On 12 Sep 2014, at 13:55 , li...@rhsoft.net wrote:
>> On 12.09.2014 at 21:49, Philip Prindeville wrote:
>>>> However, any time I connect via telnet to this server and specify
>>>> *any* IP address in the form [X.X.X.X], the smtpd_helo_restrictions
>>>> won't trigger.
>>> This is both legal and reasonable.
>>
>> it may be true but it is *not* reasonable
>
> What do you base that on?

by how 90% of all spam would disappear without asking any RBL if only
all mailserver admins would use their brain by verifying their
configurations against best practices, and you would not drop legit mail
by enforcing strict policies:

* reject non existing HELO (includes IP address)
* reject dynamic looking PTR
* i would even go so far as to enforce A/PTR/HELO matching

two things ISPs should do:

* block outgoing port 25 from customer ranges until the customer
  says he runs a mailserver
* start any PTR with "dynamic-ptr-" until someone says he needs
  that changed for an IP or range because he is running servers
_______________________________________________________________

spam botnets built with infected clients would no longer exist

most connections could postscreen reject directly with those rules

sadly there are too many mailservers with a ptr somehow like
"xx-xx-xx-xx.mydumbadmin.tld" or "xx.xx.xx.xx.mydumbadmin.tld" or
even "in-addr-arpa" which needs to be DUNNO whitelisted in PTR policies

is it really that hard to write "mail", "mta", "outbound" somewhere in
your PTR and configure "smtp_helo_name" to the same value?
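
The checks listed in the message above, modelled as an added example (not part of the original post and not Postfix's own code): a Python policy function that rejects IP-address HELOs, unresolvable HELO names, dynamic-looking PTRs and A/PTR/HELO mismatches. The DNS tables are constructed sample data standing in for real lookups, and the function names and the dynamic-PTR heuristic (IPv4 only) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample DNS data (documentation address ranges), not real hosts.
A_RECORDS = {"mail.example.org": "192.0.2.10", "mta1.example.net": "198.51.100.7"}
PTR_RECORDS = {
    "192.0.2.10": "mail.example.org",
    "198.51.100.7": "mta1.example.net",
    "203.0.113.45": "203-0-113-45.dsl.example.com",
}

# Assumption: a "mail", "mta" or "outbound" label marks a deliberate server PTR.
SERVER_HINT = re.compile(r"(^|[.-])(mail|mta|outbound)\d*([.-]|$)")


def looks_dynamic(ptr, client_ip):
    """True if the PTR embeds the client's IPv4 octets (forward or reversed)
    and carries no server label."""
    if SERVER_HINT.search(ptr):
        return False
    octets = client_ip.split(".")
    digits = re.findall(r"\d+", ptr)
    n = len(octets)
    windows = [digits[i:i + n] for i in range(len(digits) - n + 1)]
    return octets in windows or octets[::-1] in windows


def is_address_literal(helo):
    """True for a HELO given as [X.X.X.X] or as a bare IP address."""
    try:
        ipaddress.ip_address(helo.strip("[]"))
        return True
    except ValueError:
        return False


def helo_policy(client_ip, helo):
    """Return (action, reason) for one connection under the strict policy."""
    helo = helo.lower().rstrip(".")
    if is_address_literal(helo):
        return ("REJECT", "HELO is an IP address")
    if helo not in A_RECORDS:
        return ("REJECT", "HELO hostname does not resolve")
    ptr = PTR_RECORDS.get(client_ip, "")
    if looks_dynamic(ptr, client_ip):
        return ("REJECT", "dynamic-looking PTR")
    if ptr != helo or A_RECORDS[helo] != client_ip:
        return ("REJECT", "A/PTR/HELO mismatch")
    return ("OK", "A/PTR/HELO match")
```

The DUNNO whitelisting the message mentions for legitimate servers with IP-style PTRs is not modelled here; it would be an allow-list consulted before `looks_dynamic`.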