On 14.02.2015 at 23:37, LuKreme wrote:
On 14 Feb 2015, at 04:39 , li...@rhsoft.net wrote:
On 14.02.2015 at 11:30, LuKreme wrote:
Has anyone had any sort of issue with a check like this:
/(unknown|localhost|localdomain|lan|home|example|local|lokal)$/ REJECT Mailserver name in private namespace
I’ve noticed a lot of commercial non-spam email hitting this recently (for
example, landmarktheatres ticket confirmations, a local restaurant's email
verification for signup, and some others along those lines). In fact, the split
between obvious spam and no-spam seems to be about 80/20 with low hitrate
either way.
Yes, I know their mail servers are mis-configured
put any PTR and HELO checks at the *bottom* of your restrictions and configure
the SPF check as well as much as possible DNSWL to skip them
Hmm. I usually put cheap checks first
me too, hence that all comes before milters
Reading on SPF in postfix I see:
http://www.postfix.org/SMTPD_ACCESS_README.html
The greylisting and SPF policies are implemented externally,
Which I thought was no longer true.
# postconf -d | grep spf
spf_explanation =
spf_global_whitelist = no
spf_local_policy =
spf_mark_only = no
spf_patch_version = 1.1.0
spf_received_header = yes
spf_reject_code = 550
spf_reject_dsn = 5.7.1
that's a *not official* postfix with discouraged patches
I haven’t set up SPF in postfix, but those are the default settings.
Searching postfix.org site for spf_local_policy returns no hits so I’ve
not found the documentation on these settings. It may be on my computer.
because it is not part of postfix as said above
hence no real problems here while we update the checks automatically once per
day by the current http://data.iana.org/TLD/tlds-alpha-by-domain.txt to not
miss new TLDs and reject any non-existing
Well, .local is definitely a non-existing tld, and any mail server using that
as its helo is badly broken. It used to be a 100% spam indicator for me, but
now it is less so.
that is all true but the problem is when some ordinary user sends
business mail to an ordinary user on my side and we reject i get called
and so i prefer to not need contacting every admin of a badly configured
server - they are too much :-)
frankly i have even a "/^localhost\.localdomain$/ DUNNO" on top for
exactly the same reason
/etc/python-policyd-spf/policyd-spf.conf
Ah, I will look at installing that package. Thanks
that's my full config
HELO_reject is disabled by intention after a false positive on the first
day with the new system which was an order confirmation with a
download-link, the default rejects even HELO-softfail
cat /etc/python-policyd-spf/policyd-spf.conf
debugLevel = 1
defaultSeedOnly = 1
HELO_reject = No_Check
Mail_From_reject = Fail
Mail_From_pass_restriction = OK
PermError_reject = False
TempError_Defer = True
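
The daily TLD-based HELO check mentioned in the message above could be generated along these lines. This is an added example, not the poster's script or part of Postfix: the function names, the reject text and the address-literal exemption are assumptions, and the TLD sample is constructed rather than the real IANA file.

```python
import re

# Constructed sample in the format of tlds-alpha-by-domain.txt (not the real list).
SAMPLE_TLDS = """\
# Version 0000000000, constructed sample
COM
DE
NET
ORG
XN--P1AI
"""

def parse_tlds(text):
    """Return the sorted, lower-cased TLD labels, skipping comments and junk lines."""
    tlds = set()
    for line in text.splitlines():
        label = line.strip().lower()
        if label and not label.startswith("#") and re.fullmatch(r"[a-z0-9-]+", label):
            tlds.add(label)
    return sorted(tlds)

def build_helo_table(tlds):
    """Build pcre_table(5) lines; Postfix stops at the first matching line."""
    if not tlds:
        # A failed or truncated download must not produce a reject-everything rule.
        raise ValueError("empty TLD list, refusing to build the table")
    return [
        r"/^localhost\.localdomain$/ DUNNO",  # exemption quoted in the thread
        r"/^\[.*\]$/ DUNNO",                  # address literals (assumed exemption)
        # '!' negates the match: reject when the last label is not a listed TLD
        r"!/\.(%s)\.?$/ REJECT HELO name does not end in an existing TLD" % "|".join(tlds),
    ]

def lookup(table, helo):
    """Emulate a first-match lookup (Postfix pcre tables ignore case by default)."""
    for line in table:
        negate = line.startswith("!")
        pattern, result = line.lstrip("!")[1:].split("/ ", 1)
        if bool(re.search(pattern, helo, re.IGNORECASE)) != negate:
            return result
    return "DUNNO"  # no match has the same effect as DUNNO: the next restriction decides

if __name__ == "__main__":
    table = build_helo_table(parse_tlds(SAMPLE_TLDS))
    for name in ("mail.example.com", "srv01.corp.local", "localhost.localdomain", "[192.0.2.1]"):
        print(name, "->", lookup(table, name).split()[0])
```

The generated lines are meant for a pcre table referenced from check_helo_access; placing that restriction after the DNSWL and SPF checks, as the message advises, keeps misconfigured but legitimate senders from being rejected on HELO alone.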