Jo Rhett writes: > Justin Mason wrote: > > Jo Rhett writes: > >> Justin Mason wrote: > >>> do you mean the one I posted about earlier, or the original? > >> Sorry, I haven't looked at it in a while and wouldn't remember. > >> > >> Looking at yours - why don't use use the global parameters that specify > >> trusted header hosts instead of adding your own? I can't think of a > >> time I would trust the headers from a host, but wouldn't trust it for > >> bounces... > > > > Tried, and it didn't work. :( Unfortunately, trusted_networks etc. > > is built on the IP address of trusted net ranges -- and that info > > doesn't appear reliably in most bounce DSNs. (I think there's > > a bugzilla item with more info.) > > > >> Also, I think (I don't have time to read the ruleset in detail right > >> now) that it seems a bit harsh. The goal would be to identify only > >> backscatter right? It seems likely to hit almost every bounce, yes? > > > > it'll hit every bounce, and the MY_SERVERS_FOUND rule then rescues > > the "legit" bounces from that set. > > yeah, I thought so. It seems too simple for anything but single-domain > servers. (or at least single-organization servers)
why? Can you not simply list all the outgoing relays for the organizations/domains, or even a pattern that matches all of their names? How many outgoing relays do you have? (I'm not sure I understand the problem here.) > I'll poke at it later and see if I can think up a better way to handle > this. I'd include SPF results etc if I can reuse that information from > the previous tests... That would be nifty, if possible. --j.
