On Apr 13, 2009, at 14:46, mouss wrote:
does reject_unknown_sender_domain really reject that many spam (that
is
not rejected by zen among other things)?
Yes. Especially before IPs get listed in zen.
they use forged sender addresses where the domain is valid. for
example, you may get spam with the sender set to.
Sure. If this will be sent from host without correct DNS entries it
could be blocked with reject_unknown_*.
Anyways - question was about sender with *invalid* domain.
Pawel Lesniak
Paweł Leśniak a écrit :
> W dniu 2009-04-14 23:00, mouss pisze:
>> [snip]
>> and spammers seem to forge valid addresses, so the check looks useless
>> to me.
>>
> How do they forge a client DNS A records consistent with PTR records?
I meant they use forged sender addresses where the domain is v
W dniu 2009-04-14 23:00, mouss pisze:
Paweł Leśniak a écrit :
W dniu 2009-04-13 22:46, mouss pisze:
does reject_unknown_sender_domain really reject that many spam (that is
not rejected by zen among other things)?
According to RFC1912:
(...)
2.1 Inconsistent, Missing, or Bad
Paweł Leśniak a écrit :
> W dniu 2009-04-13 22:46, mouss pisze:
>> does reject_unknown_sender_domain really reject that many spam (that is
>> not rejected by zen among other things)?
>>
> According to RFC1912:
> (...)
> 2.1 Inconsistent, Missing, or Bad Data
> Every Internet-reachable host *sho
W dniu 2009-04-13 22:46, mouss pisze:
does reject_unknown_sender_domain really reject that many spam (that is
not rejected by zen among other things)?
According to RFC1912:
(...)
2.1 Inconsistent, Missing, or Bad Data
Every Internet-reachable host *should* have a name. The consequences of
Jorey Bump a écrit :
> post...@corwyn.net wrote, at 04/10/2009 12:08 PM:
>
>> [snip]
>>
>> I've got a customer who has their Mailer-Daemon address configured to
>> respond with an invalid domain so they get rejected:
>>
>> Apr 9 16:53:44 agencymail postfix/smtpd[1703]: NOQUEUE: reject: RCPT
>>
At 01:31 PM 4/10/2009, Jorey Bump wrote:
Yes, that would also need to follow the map. I recommend that you
dedicate separate maps to check_sender_access and check_client_access;
combining everything into one map is risky.
Actually it looks like there was a typo there:
>check_client_access
post...@corwyn.net wrote, at 04/10/2009 12:08 PM:
> Currently I block email with
> smtpd_sender_restrictions =
>reject_unknown_sender_domain
>check_sender_access hash:/etc/postfix/access
> smtpd_data_restrictions =
>reject_multi_recipient_bounce
> smtpd_recipient_restrictions =
>r
Currently I block email with
smtpd_sender_restrictions =
reject_unknown_sender_domain
check_sender_access hash:/etc/postfix/access
smtpd_data_restrictions =
reject_multi_recipient_bounce
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unk
10 matches
Mail list logo
