Web lists-archives.com

Re: [Samba] [NOT Samba] How "safe" is reject_unknown_helo_hostname?




Oeps. 
Well it happens more often.. Well at least last time was some time ago..  :-) 
And no not on beer yet.. Drive car first home then drink.

Greet, 

Louis

> -----Oorspronkelijk bericht-----
> Van: Jonathon Reinhart [mailto:jonathon.reinhart@xxxxxxxxx] 
> Verzonden: vrijdag 26 april 2019 16:42
> Aan: L.P.H. van Belle
> Onderwerp: Re: [Samba] How "safe" is reject_unknown_helo_hostname?
> 
> Louis,
> 
> FYI: I think you accidentally responded to samba-users and 
> not postfix-users.
> 
> 
> On Fri, Apr 26, 2019 at 10:33 AM L.P.H. van Belle via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> >
> >
> >
> > Helo hostname MUST have resolvable hostname.
> > Crazy or not, but i use this.
> >
> > The _access-allow parts for server you really trust.
> >
> > smtpd_client_restrictions =
> >     permit_mynetworks,
> >     reject_unauth_destination,
> >     check_client_access 
> cidr:/etc/postfix/check_client_access-allow.cidr,
> >     reject_unknown_hostname,
> >     reject_non_fqdn_hostname,
> >     reject_invalid_hostname,
> >     reject_unknown_reverse_client_hostname,
> >     check_client_access 
> cidr:/etc/postfix/check_client_access-reject.cidr,
> >     reject_unauth_pipelining
> >
> > smtpd_helo_required = yes
> > smtpd_helo_restrictions =
> >     permit_mynetworks,
> >     reject_unauth_destination,
> >     check_helo_access 
> pcre:/etc/postfix/check_helo_access-hostname-checks.pcre,
> >     check_helo_access hash:/etc/postfix/check_helo_access-allow.map,
> >     reject_non_fqdn_helo_hostname,
> >     reject_invalid_helo_hostname,
> >     reject_unknown_helo_hostname,
> >     reject_unauth_pipelining
> >
> > Resulting in more happy customers since after my adviced 
> changes to there servers, they now also have less spam..
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: phils@xxxxxxxxxxxxxx
> > > [mailto:owner-postfix-users@xxxxxxxxxxx] Namens Phil Stracchino
> > > Verzonden: vrijdag 26 april 2019 15:47
> > > Aan: postfix-users@xxxxxxxxxxx
> > > Onderwerp: Re: How "safe" is reject_unknown_helo_hostname?
> > >
> > > On 4/25/19 7:56 PM, Allen Coates wrote:
> > > > I have been looking at the configuration parameter
> > > > "reject_unknown_helo_hostname", with a view to using it to
> > > resist spam.
> > > >
> > > > I know it is reasonably safe to reject an incoming email on
> > > an invalid or
> > > > non-fqdn HELO hostname, but *UNKNOWN?*
> > > >
> > > > I don't receive a sufficient corpus of email to make a
> > > reasoned judgment.
> > > >
> > > > Your comments would be appreciated.
> > >
> > >
> > > I don't see a fundamental risk in rejecting mail from servers
> > > claiming a
> > > HELO hostname that doesn't resolve.  If you're already 
> going to reject
> > > HELO from non-fqdn or invalid hostnames, why accept it 
> from ones that
> > > don't resolve at all?
> > >
> > >
> > > --
> > >   Phil Stracchino
> > >   Babylon Communications
> > >   phils@xxxxxxxxxxxxxx
> > >   phil@xxxxxxxxxxxxxxx
> > >   Landline: +1.603.293.8485
> > >   Mobile:   +1.603.998.6958
> > >
> > >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba