Am 31.01.2014 13:41, schrieb Larry Stone: > On Jan 30, 2014, at 10:21 PM, Noel Jones <njo...@megan.vbhcs.org> wrote: > >> On 1/30/2014 7:17 PM, li...@sbt.net.au wrote: >>> my pre configured Postfix inluded these helo_access.pcre rejects; >>> >>> today, I noticed an expected email was bounced by one of the >>> pre-configured rules as so: >>> >>> Jan 31 10:08:01 emu postfix/smtpd[11075]: NOQUEUE: reject: RCPT from >>> unknown[59.167.231.218]: 554 5.7.1 <eth6619.nsw.adsl.internode.on.net>: >>> Helo command rejected: Go away, bad guy (adsl).; from=<hele...@tld.com.au> >>> to=<voy...@tld.net.au> proto=ESMTP >>> helo=<eth6619.nsw.adsl.internode.on.net> >>> >>> host 59.167.231.218 >>> 218.231.167.59.in-addr.arpa domain name pointer ns3.cipaname.com. >>> >>> before I contact the sender to tell them "you are misconfigured"; >> >> There are some legit static IP servers with a hostname containing >> /adsl/, so you'll need to watch out for false positives. How much of >> a problem that is will be site specific. > > I’ll echo what Noel said. And based on your subject, you may have the idea > that > having (A)DSL service and having a dynamic TCP/IP address are equivalent. > They are not! > There are a lot of legitimate small business and SOHO servers on static DSL > connections
correct > In many cases, the DSL provider will change the reverse DNS but not always > It's the dynamic address hostnames you want to block i would at least call a ISP questionable which does not change a PTR like "eth6619.nsw.adsl.internode.on.net" to "mail.example.com" if someone intents to run a MTA on that IP and personally never go online with a mailserver having a generic PTR best practice these days is matching HELO-name/A-Record/PTR things like dialup/adsl/dsl/dynamic/dyn should not exist in a MTA-PTR
