On 04/01/2011 21:23, Jeroen Geilman wrote:
> On 1/4/11 8:32 PM, pf at alt-ctrl-del.org wrote:
>>
>> The only rejects that I get calls or emails about are:
>> reject_non_fqdn_helo_hostname,
>> reject_unknown_helo_hostname,
>> reject_unknown_client_hostname,
>
> Don't blindly use that. It causes a LOT of false positives.
>
>> reject_unknown_reverse_client_hostname
>
> That's safer to use.
>
>>
>> If these four rejects had individually configurable error text, it
>> would help a lot.
>>
>> Instead of Helo command rejected: Host not found, I could choose to
>> return:
>> Helo command rejected: Host not found; see
>> example.tld?helo=somedomain.local
>
> What would that tell the sender *admin* that he didn't already know?

a lot! (but I guess you meant "that he couldn't find if he really
tries", which is a different question).

one time a "partner" (in another life/job) got rejected because of a
composite rule the last of which was a reject_unknown_hostname (the goal
was to reject if this and that and that, but I wanted to benefit from
temp handling of reject_unknown_*. that was an error!). said partner
didn't understand the meaning of "unknown". so they tried to fake our
hostnameS, and they managed to knock our server every minute (ask me not
why I love exchange), and they tried many of our hostnames! as I had no
idea who these guys were. Actually, I had participated in their selection
as a partner, but I couldn't link the excessive probes from a "random"
Indian network to them (which once again shows that people should really
use their "names" instead of generic or ISP domains), they were blocked
at firewall level. later on, they tried the phone and I didn't know
whether I had to laugh or cry when I understood what they tried to do
(they thought "unknown" was the opposite of "our domains"!!! they didn't
think a second that faking our domain was to make their situation worse).

so yes, there is a case for "luser compatible" information. not that I
think it would solve any problem. but it would help to say "we did our
best: we provided a link. ask marketers/PR/lawyers/whomever to make it
clear. just don't ask tech guys about it again".

> Note that information in SMTP logs and sessions is generally only read
> by, and therefore only useful to, system admins.