Am 17.09.2014 um 11:37 schrieb AndreaML: > On Tuesday 16 September 2014 23:33:43 li...@rhsoft.net wrote: >> >> that still too much mail admins sadly don't care about 3 things >> >> * A record >> * PTR >> * HELO name >> >> and instead "reject_unknown_hostname" you need for a sane sleep >> specific rules to at least reject insane HELO :-( > > thank you for your reply and the configuration excerpt. > > After reading yours and Bill Cole replies, i am now inclined to remove the > hard check on the HELO dns resolvability favoring the "soft" check .... > > I am just contended between two approach. > > The first is maintaining the restriction, prepending with a whitelist lookup > table populated in semi-automatic manner with a phase analyzing the logs to > identify the unresolvable unique helos that need to be whitelisted. > > Or the second is converting the hard check to a soft one like yours with a > table to reject clearly bogus names, that needs me to check not the smtp logs > but the antismap/antivirus logs and then the headers of the actual messages > to > build the table. > > I am referring to your (our) mail administrators wisdom and experience. what > is your opinion on these approaches?
i prefer in general soft rules and scoring when possible thats why i only listed things like "ends with .localhost" and some pretty clear ISP client HELO made it through SA and can never be a legit mailserver unconditional rules leads in complaints if they are really catch a relevant amount or are meaningless because they anyways don't really help what i have in all rule sets is a sender-based whitelist table to even override a hand picked hard blocking rule the same for PTR checks where i try to get rid of most dynamic clients not catched by DUL RBL's starting with a lot of DUNNO rules if something smells like it could be a mailserver "out", "mail", "gateway" since admins are too creative and/or careless by naming their machines and ISP's not clear in naming their enduser ranges PTR's the intention is to block clear junk before it passes to SpamAssassin because SA scales not that much if there starts again a spam-wave like a few months ago with 500000 rejected messages per day :-(