Dominic Raferd:
> On Sun, 28 Apr 2019 at 16:31, Matus UHLAR - fantomas
> wrote:
>
> > >>>On 27 Apr 2019, at 15:28, TG Servers wrote:
> > But you mean to keep reject_non_fqdn_helo_hostname and
> > reject_invalid_helo_hostname, right?
> >
> > >>On 27 Apr 2019, at 14:28, Bill Cole
> > >> wro
On 4/28/19 6:32 AM, @lbutlr wrote:
>
> The rejects are very cheap (practically free) while processing the pcre file
> takes more resources. My thinking is the order is less stressful.
Yeah, this is my policy too. Straightforward yes/no rules first; run
the messages that pass *those* through th
On Sun, 28 Apr 2019 at 16:31, Matus UHLAR - fantomas
wrote:
> >>>On 27 Apr 2019, at 15:28, TG Servers wrote:
> But you mean to keep reject_non_fqdn_helo_hostname and
> reject_invalid_helo_hostname, right?
>
> >>On 27 Apr 2019, at 14:28, Bill Cole
> >> wrote:
> >>>Yes but as part of smtpd_
On 27 Apr 2019, at 15:28, TG Servers wrote:
But you mean to keep reject_non_fqdn_helo_hostname and
reject_invalid_helo_hostname, right?
On 27 Apr 2019, at 14:28, Bill Cole
wrote:
Yes but as part of smtpd_helo_restrictions with a substantial
check_helo_access map ahead of them which has a bun
On 28 Apr 2019, at 03:00, Allen Coates wrote:
> On 27/04/2019 23:21, @lbutlr wrote:
>>
>> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname,
>>reject_non_fqdn_helo_hostname, check_helo_access
>>pcre:/etc/postfix/helo_checks.pcre permit
> I usually put my access-c
I usually put my access-control lists EARLY, so I have yes / no /
"further-processing" options
Allen C
On 27/04/2019 23:21, @lbutlr wrote:
>
> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname,
> reject_non_fqdn_helo_hostname, check_helo_access
> pcre:/etc/postf
On Apr 27, 2019, at 21:13, Bill Cole
wrote:
>
> I keep permit_my_networks out of my postfix config entirely
Thanks. I keep meaning to look into doing that, but then I don’t seem to get
around to it.
My mail server isn’t on a LAN IP, so that doesn’t apply. I’ll keep looking at
logs to see if
On 27 Apr 2019, at 18:21, @lbutlr wrote:
On 27 Apr 2019, at 14:28, Bill Cole
wrote:
On 27 Apr 2019, at 15:28, TG Servers wrote:
But you mean to keep reject_non_fqdn_helo_hostname and
reject_invalid_helo_hostname, right?
Yes but as part of smtpd_helo_restrictions with a substantial
check_h
On 27 Apr 2019, at 14:28, Bill Cole
wrote:
> On 27 Apr 2019, at 15:28, TG Servers wrote:
>
>> But you mean to keep reject_non_fqdn_helo_hostname and
>> reject_invalid_helo_hostname, right?
>
> Yes but as part of smtpd_helo_restrictions with a substantial
> check_helo_access map ahead of them
On 27 Apr 2019, at 15:28, TG Servers wrote:
But you mean to keep reject_non_fqdn_helo_hostname and
reject_invalid_helo_hostname, right?
Yes but as part of smtpd_helo_restrictions with a substantial
check_helo_access map ahead of them which has a bunch of OK entries
because Sturgeon's Law app
> On 27 Apr 2019, at 13:40, Bill Cole
> wrote:
>
> On 27 Apr 2019, at 15:23, @lbutlr wrote:
>
>> Do you still see connections from hotmail.com mail servers?
>
> That depends on what you mean by "hotmail.com mail servers."
> I see a lot of traffic from servers authorized by the SPF record fo
On 27 Apr 2019, at 15:23, @lbutlr wrote:
Do you still see connections from hotmail.com mail servers?
That depends on what you mean by "hotmail.com mail servers."
I see a lot of traffic from servers authorized by the SPF record for
hotmail.com. I don't believe any of those use 'hotmail.com' in
On 27 April 2019 21:18:14 "Bill Cole"
wrote:
On 27 Apr 2019, at 14:20, Phil Stracchino wrote:
On 4/26/19 5:15 PM, Bill Cole wrote:
On 26 Apr 2019, at 9:46, Phil Stracchino wrote:
I don't see a fundamental risk in rejecting mail from servers
claiming
a HELO hostname that doesn't resolve
On 27 Apr 2019, at 14:20, Phil Stracchino wrote:
On 4/26/19 5:15 PM, Bill Cole wrote:
On 26 Apr 2019, at 9:46, Phil Stracchino wrote:
I don't see a fundamental risk in rejecting mail from servers
claiming
a HELO hostname that doesn't resolve.
There have been varied interpretations (and word
On 4/26/19 5:15 PM, Bill Cole wrote:
> On 26 Apr 2019, at 9:46, Phil Stracchino wrote:
>> I don't see a fundamental risk in rejecting mail from servers claiming
>> a HELO hostname that doesn't resolve.
>
> There have been varied interpretations (and wordings) of the *21 RFCs
> that define what t
On 26 Apr 2019, at 9:46, Phil Stracchino wrote:
On 4/25/19 7:56 PM, Allen Coates wrote:
I have been looking at the configuration parameter
"reject_unknown_helo_hostname", with a view to using it to resist
spam.
I know it is reasonably safe to reject an incoming email on an
invalid or
non-f
On 4/26/19 10:17 AM, Allen Coates wrote:
> I can see that a mail-host might announce itself as "example.com" and not
> "mail.example.com" Getting DNS configuration letter-perfect can be quite
> tricky.
Point.
I do note that unknown_hostname_reject_code defaults to 450, a tempfail.
There is al
I can see that a mail-host might announce itself as "example.com" and not
"mail.example.com" Getting DNS configuration letter-perfect can be quite
tricky.
One must be tolerant of SOME mistakes - but absolute rubbish, reserved TLDs and
people claiming to be me will be thrown out (at this server)
On 4/25/19 7:56 PM, Allen Coates wrote:
> I have been looking at the configuration parameter
> "reject_unknown_helo_hostname", with a view to using it to resist spam.
>
> I know it is reasonably safe to reject an incoming email on an invalid or
> non-fqdn HELO hostname, but *UNKNOWN?*
>
> I don't
On 25 Apr 2019, at 19:56, Allen Coates wrote:
I have been looking at the configuration parameter
"reject_unknown_helo_hostname", with a view to using it to resist spam.
On 26.04.19 10:35, Brent Clark wrote:
I use it.
But you need to add and whitelist accordingly.
I.e.
check_helo_access hash
Good day Guys
I use it.
But you need to add and whitelist accordingly.
I.e.
check_helo_access hash:/etc/postfix/check_helo_access
Oddly enough, I have only ever had to whitelist
root@mail ~ # cat /etc/postfix/check_helo_access
fwd-out.cmp.livemail.co.uk OK
HTH
Regards
Brent Clark
On 2019/0
On 25 Apr 2019, at 19:56, Allen Coates wrote:
I have been looking at the configuration parameter
"reject_unknown_helo_hostname", with a view to using it to resist
spam.
It is not useful, unless you are willing to reject mail from hosts which
send no spam and which are impervious to behaviora
On 4/25/2019 7:24 PM, @lbutlr wrote:
On 25 Apr 2019, at 17:56, Allen Coates wrote:
I have been looking at the configuration parameter
"reject_unknown_helo_hostname", with a view to using it to resist spam.
I don't think that's going to be helpful enough to make up for the legitimate
messages
On 25 Apr 2019, at 17:56, Allen Coates wrote:
> I have been looking at the configuration parameter
> "reject_unknown_helo_hostname", with a view to using it to resist spam.
I don't think that's going to be helpful enough to make up for the legitimate
messages you will lose. Not all senders have
I have been looking at the configuration parameter
"reject_unknown_helo_hostname", with a view to using it to resist spam.
I know it is reasonably safe to reject an incoming email on an invalid or
non-fqdn HELO hostname, but *UNKNOWN?*
I don't receive a sufficient corpus of email to make a reason
25 matches
Mail list logo
