[Samba] [NOT Samba] How "safe" is reject_unknown_helo_hostname?
L.P.H. van Belle
belle at bazuin.nl
Fri Apr 26 14:44:36 UTC 2019
Oeps.
Well it happens more often.. Well at least last time was some time ago.. :-)
And no not on beer yet.. Drive car first home then drink.
Greet,
Louis
> -----Oorspronkelijk bericht-----
> Van: Jonathon Reinhart [mailto:jonathon.reinhart at gmail.com]
> Verzonden: vrijdag 26 april 2019 16:42
> Aan: L.P.H. van Belle
> Onderwerp: Re: [Samba] How "safe" is reject_unknown_helo_hostname?
>
> Louis,
>
> FYI: I think you accidentally responded to samba-users and
> not postfix-users.
>
>
> On Fri, Apr 26, 2019 at 10:33 AM L.P.H. van Belle via samba
> <samba at lists.samba.org> wrote:
> >
> >
> >
> > Helo hostname MUST have resolvable hostname.
> > Crazy or not, but i use this.
> >
> > The _access-allow parts for server you really trust.
> >
> > smtpd_client_restrictions =
> > permit_mynetworks,
> > reject_unauth_destination,
> > check_client_access
> cidr:/etc/postfix/check_client_access-allow.cidr,
> > reject_unknown_hostname,
> > reject_non_fqdn_hostname,
> > reject_invalid_hostname,
> > reject_unknown_reverse_client_hostname,
> > check_client_access
> cidr:/etc/postfix/check_client_access-reject.cidr,
> > reject_unauth_pipelining
> >
> > smtpd_helo_required = yes
> > smtpd_helo_restrictions =
> > permit_mynetworks,
> > reject_unauth_destination,
> > check_helo_access
> pcre:/etc/postfix/check_helo_access-hostname-checks.pcre,
> > check_helo_access hash:/etc/postfix/check_helo_access-allow.map,
> > reject_non_fqdn_helo_hostname,
> > reject_invalid_helo_hostname,
> > reject_unknown_helo_hostname,
> > reject_unauth_pipelining
> >
> > Resulting in more happy customers since after my adviced
> changes to there servers, they now also have less spam..
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: phils at caerllewys.net
> > > [mailto:owner-postfix-users at postfix.org] Namens Phil Stracchino
> > > Verzonden: vrijdag 26 april 2019 15:47
> > > Aan: postfix-users at postfix.org
> > > Onderwerp: Re: How "safe" is reject_unknown_helo_hostname?
> > >
> > > On 4/25/19 7:56 PM, Allen Coates wrote:
> > > > I have been looking at the configuration parameter
> > > > "reject_unknown_helo_hostname", with a view to using it to
> > > resist spam.
> > > >
> > > > I know it is reasonably safe to reject an incoming email on
> > > an invalid or
> > > > non-fqdn HELO hostname, but *UNKNOWN?*
> > > >
> > > > I don't receive a sufficient corpus of email to make a
> > > reasoned judgment.
> > > >
> > > > Your comments would be appreciated.
> > >
> > >
> > > I don't see a fundamental risk in rejecting mail from servers
> > > claiming a
> > > HELO hostname that doesn't resolve. If you're already
> going to reject
> > > HELO from non-fqdn or invalid hostnames, why accept it
> from ones that
> > > don't resolve at all?
> > >
> > >
> > > --
> > > Phil Stracchino
> > > Babylon Communications
> > > phils at caerllewys.net
> > > phil at co.ordinate.org
> > > Landline: +1.603.293.8485
> > > Mobile: +1.603.998.6958
> > >
> > >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list