On Thu, Feb 11, 2021 at 12:15:32AM +0300, Eugene Podshivalov wrote:
> > Viktor Dukhovni:
> > Postfix can check that the EHLO name resolves to some IP address.
>
> Then what is the sense of doing this if the name can be whoever else's name?
Spam bots are sloppy, and typicall default to the name from the RHS of
the PTR. If that has no forward name, and you require a forward IP
then you'll block them.
I would not recommend a global rule of that sort. Rather, I do this
selectively for name suffixes from various ISP dynamic pools that I've
observed to sources of repeat spam that evades other filters and where
filtering the HELO is effective. My filters are fairly light, some
junk gets through, but I don't lose legitimate mail. I'm willing to
engage in occasional whack-a-mole updates to some of the local rules.
--
Viktor.
