Matus UHLAR - fantomas wrote on 2013-02-03 20:41:
only whitelist dynamic ips if there is port 25 open on it,
so any open relay and SMTP redirect gets whitelisted?

On 04.02.13 00:55, Benny Pedersen wrote:
nope, if port 25 is open, it's another problem, in the way that it could be a static IP with a dynamic hostname / reverse DNS, but it depends on what mail this dynamic IP wants to accept

Well, if a port 25 is open on dynamic IP, it COULD be open relay or SMTP
redirect.  If we decide an IP is dynamic (or should not be used for mail,
see spamhaus PBL policy), we should NOT whitelist it just because IP has
port 25 open. There are multiple ways to detect dynamic IPs (rDNS patterns,
PBL, SORBS-DUL, MAPS-DYNA) which I found safer than TCP port 25 open.

complicated, yes; seen from my own logs is that some domains just set up MX records to have the ability to send email, but when trying to send to this MX, postmaster or abuse does not exist or the MX host does not accept the recipient domain; seen here: relay denied, and connection refused

This is what e.g. rfci-ignorant or many other rhsbl blacklists are for.
fair, I just tempfail that sender, so with old postfix reject_unverified_sender, it's less work to whitelist sender domains if the sender is known to not want mail back

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
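
Added example, not part of the original thread or written by either poster: a Python sketch of the policy argued above, where rDNS patterns and a PBL answer decide whether an IP is dynamic and an open port 25 never overrides that verdict. The rDNS keyword list, the function names and the sample hosts are assumptions made for illustration; the DNS answers are passed in so the code runs offline.

```python
import ipaddress
import re

# Heuristic keywords seen in generated end-user PTR names (assumed list, not from the thread).
DYNAMIC_RDNS = re.compile(
    r"(^|[.\-])(dynamic|dyn|dhcp|adsl|dsl|cable|pool|ppp|dialup)([.\-\d]|$)", re.I)
PBL_ZONE = "pbl.spamhaus.org"
PBL_CODES = {"127.0.0.10", "127.0.0.11"}  # PBL return codes (ISP / Spamhaus maintained)

def dnsbl_qname(ip, zone=PBL_ZONE):
    """Name to query for an IPv4 DNSBL lookup: reversed octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def rdns_embeds_ip(ip, rdns):
    """True when every octet of the address appears as a number in the PTR name."""
    octets = {int(o) for o in ip.split(".")}
    return octets <= {int(n) for n in re.findall(r"\d+", rdns)}

def dynamic_reasons(ip, rdns, pbl_answers=()):
    """Collect the reasons for treating the IP as dynamic / not meant to send mail."""
    reasons = []
    if rdns and DYNAMIC_RDNS.search(rdns):
        reasons.append("rdns-keyword")
    if rdns and rdns_embeds_ip(ip, rdns):
        reasons.append("rdns-embeds-ip")
    if PBL_CODES & set(pbl_answers):
        reasons.append("pbl-listed")
    return reasons

def may_whitelist(ip, rdns, pbl_answers, port25_open):
    """Port 25 being open is at most a precondition; a dynamic verdict always wins."""
    reasons = dynamic_reasons(ip, rdns, pbl_answers)
    return (port25_open and not reasons, reasons)

if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    samples = [
        ("203.0.113.45", "host-203-0-113-45.dyn.example.net", [], True),
        ("198.51.100.7", "mail.example.org", ["127.0.0.10"], True),
        ("198.51.100.7", "mail.example.org", [], True),
    ]
    for ip, rdns, pbl, open25 in samples:
        print(dnsbl_qname(ip), may_whitelist(ip, rdns, pbl, open25))
```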