mouss schrieb: > Robert Schetterer a écrit : >> Hi, >> some nets have >> set their ptr records to localhost >> this causes problems to several mailservers >> i see no problems at mine but >> just asked to clear >> >> dig -x 123.27.178.4 >> >> ; <<>> DiG 9.3.5-P1 <<>> -x 123.27.178.4 >> ;; global options: printcmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46689 >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 >> >> ;; QUESTION SECTION: >> ;4.178.27.123.in-addr.arpa. IN PTR >> >> ;; ANSWER SECTION: >> 4.178.27.123.in-addr.arpa. 86266 IN PTR localhost. >> >> i only get warnings ( like ever ) >> >> Aug 6 15:04:31 mxback postfix/smtpd[30131]: warning: 123.27.178.4: >> address not listed for hostname localhost >> Aug 6 15:04:31 mxback postfix/smtpd[30131]: connect from >> unknown[123.27.178.4] >> >> >> is this a hard coded match ( ptrs to localhost are resolved unknown? ) >> so i.e reject_unknown_reverse_client_hostname >> will reject it ever ? >> >> after all this was warned by german heise pc magazin >> http://www.heise.de/newsticker/Namens-Trick-oeffnet-Mailserver--/meldung/143123 > > > I use somthing like this: > > smtpd_recipient_restrictions = > ... > check_reverse_client_hostname_access ${hash}/access_host > check_helo_access ${hash}/access_host > ... > > to reject things like: > > localhost > unreachable > .localhost > .arpa > .invalid > .inv > .test > .local > .lokaal > .localdomain > .lan > .private > .root > .adsl > .firewall > .speedportw700v > .belkin > .kornet > ... > > > be them found in helo or in the PTR. I also use a pcre version to reject > "." as PTR (among other things). > Hi, wow thats a lot i only use localhost, do you catch a lot of spam with the others ?
-- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
