fchan wrote:
> I recently was checking on servers that were sending out spam and found
> one of them had the hostname called "localhost" which I think is an
> attempt to bypass SA. The IP address is 222.252.188.181 which maps back
> to Vietnam.

SA will not use "localhost" unless your MTA is borked. With postfix and others, the hostname will be "unknown" (for a PTR to be used, IP -> PTR -> A should return the original IP).

> Also I found that a large percentage of my spam comes from Brazil and I
> am checking if anyone noticed this also.
>
> Frank

Block these at MTA level. With (a recent) postfix:

smtpd_recipient_restrictions =
        ...
        reject_unauth_destination
        ...
        check_reverse_client_hostname_access hash:/etc/postfix/access_host
        check_helo_access hash:/etc/postfix/access_host
        ...

== access_host
localhost               REJECT invalid name
unreachable             REJECT invalid name
.localhost              REJECT invalid name
.localdomain            REJECT invalid name
.lan                    REJECT invalid name
.local                  REJECT invalid name
.lokaal                 REJECT invalid name
.arpa                   REJECT invalid name
.invalid                REJECT invalid name
.inv                    REJECT invalid name
.reverse                REJECT invalid name
.home                   REJECT invalid name
.private                REJECT invalid name
.firewall               REJECT invalid name
.adsl                   REJECT invalid name
.belkin                 REJECT invalid name
.kornet                 REJECT invalid name
.speedportw700v         REJECT invalid name
.test                   REJECT invalid name
.root                   REJECT invalid name
.domain                 REJECT invalid name
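
Added example, not part of the original message and not Postfix code: a simplified Python model of the two mechanisms the reply relies on, the IP -> PTR -> A confirmation that turns an unconfirmed client name into "unknown", and the key order an access(5) hostname lookup tries against a table like access_host. The IPs, PTR/A data and function names are constructed for illustration; the leading-dot keys are tried only when smtpd_access_maps is not listed in parent_domain_matches_subdomains, which is modelled by the parent_matches_subdomains flag.

```python
# Simplified model for illustration; names and sample data are constructed.
REJECT = "REJECT invalid name"
# A few keys taken from the access_host table in the message above.
ACCESS_HOST = {k: REJECT for k in
               ("localhost", "unreachable", ".localhost", ".localdomain",
                ".lan", ".local", ".home")}

# Constructed DNS data using documentation addresses (192.0.2.0/24).
PTR = {"192.0.2.10": "localhost", "192.0.2.20": "cpe-7.isp.lan"}
FORWARD = {"localhost": ["127.0.0.1"]}   # cpe-7.isp.lan has no A record


def client_names(ip, ptr=PTR, forward=FORWARD):
    """Return (verified_name, reverse_name) for a connecting IP.

    reverse_name is the raw PTR result; verified_name is kept only if the
    PTR name resolves back to the same IP, otherwise it is "unknown".
    """
    reverse = ptr.get(ip)
    if reverse is None:
        return "unknown", "unknown"
    verified = reverse if ip in forward.get(reverse, []) else "unknown"
    return verified, reverse


def lookup_keys(hostname, parent_matches_subdomains=False):
    """Keys tried for a hostname, most specific first (per access(5))."""
    labels = hostname.lower().rstrip(".").split(".")
    keys = [".".join(labels)]
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # "domain.tld" style when smtpd_access_maps is listed in
        # parent_domain_matches_subdomains, ".domain.tld" style otherwise.
        keys.append(parent if parent_matches_subdomains else "." + parent)
    return keys


def access_lookup(hostname, table=ACCESS_HOST, parent_matches_subdomains=False):
    """Return the table action for the first matching key, or None."""
    for key in lookup_keys(hostname, parent_matches_subdomains):
        if key in table:
            return table[key]
    return None
```

A client whose PTR is "localhost" has the verified name "unknown", so only a check against the unverified reverse name (or the HELO name) sees "localhost"; and with parent_matches_subdomains=True the lookup tries "lan" rather than ".lan", so the dotted keys never match.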