Justin Mason wrote:
Jo Rhett writes:
Justin Mason wrote:
do you mean the one I posted about earlier, or the original?
Sorry, I haven't looked at it in a while and wouldn't remember.
Looking at yours - why don't use use the global parameters that specify
trusted header hosts instead of adding your own? I can't think of a
time I would trust the headers from a host, but wouldn't trust it for
bounces...
Tried, and it didn't work. :( Unfortunately, trusted_networks etc.
is built on the IP address of trusted net ranges -- and that info
doesn't appear reliably in most bounce DSNs. (I think there's
a bugzilla item with more info.)
Also, I think (I don't have time to read the ruleset in detail right
now) that it seems a bit harsh. The goal would be to identify only
backscatter right? It seems likely to hit almost every bounce, yes?
it'll hit every bounce, and the MY_SERVERS_FOUND rule then rescues
the "legit" bounces from that set.
yeah, I thought so. It seems too simple for anything but single-domain
servers. (or at least single-organization servers)
I'll poke at it later and see if I can think up a better way to handle
this. I'd include SPF results etc if I can reuse that information from
the previous tests...
--
Jo Rhett
Network/Software Engineer
Net Consonance
