Missing the point of SPF
Of course, there'll always be some mail servers that don't follow the RFCs properly.
Checking the logs, I noticed the following:
Sep 26 03:11:47 hosting postfix/smtpd: connect from mail7.exchange.microsoft.com[220.127.116.11]
Sep 26 03:11:49 hosting postfix/smtpd: NOQUEUE: reject: RCPT from mail7.exchange.microsoft.com[18.104.22.168]: 450 4.7.1 <df-gwy-07.exchange.corp.microsoft.com>: Helo command rejected: Host not found; from=<email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=<df-gwy-07.exchange.corp.microsoft.com>
Sep 26 03:11:49 hosting postfix/smtpd: disconnect from mail7.exchange.microsoft.com[22.214.171.124]
Now, according to the SMTP RFC (http://www.ietf.org/rfc/rfc2821.txt):
The domain name given in the EHLO command MUST BE either a primary
host name (a domain name that resolves to an A RR) or, if the host
has no name, an address literal as described in section 4.1.1.1.
So why isn't there a DNS entry for df-gwy-07.exchange.corp.microsoft.com?
Anyway, to let these broken setups bypass "reject_unknown_hostname" in "smtpd_helo_restrictions" (I don't want to disable it, as it catches 95% of the spam), you need to do the following:
* In main.cf, add parent_domain_matches_subdomains = yes
* In the smtpd_helo_restrictions section, add "check_helo_access hash:/etc/postfix/helo_access"
* In that helo_access file, list the offending "HELO/EHLOs" - in this case:
* Finally, run postmap /etc/postfix/helo_access to build the DB file, and restart postfix.
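To decide which HELO names belong in helo_access, the "Host not found" rejects can be pulled out of the mail log first. The following Python script is an added example, not part of the original post; the sample log lines are constructed, and the function names and the min_hits threshold are assumptions.

```python
import re
from collections import Counter

# Postfix smtpd reject line for a HELO name with no DNS record. The "[pid]" and
# the enhanced status code (4.7.1) are optional, since not every log has them.
REJECT_RE = re.compile(
    r"postfix/smtpd(?:\[\d+\])?: NOQUEUE: reject: RCPT from "
    r"(?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"\d{3} (?:[\d.]+ )?<(?P<helo>[^>]*)>: Helo command rejected: Host not found"
)

def helo_rejects(lines):
    """Count 'Host not found' HELO rejects per (helo name, client hostname)."""
    counts = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            counts[(m["helo"].lower(), m["client"].lower())] += 1
    return counts

def review_candidates(counts, min_hits=2):
    """HELO names to review by hand before listing them in helo_access.

    Postfix logs the client as "unknown" when its reverse DNS is missing or
    does not verify. Those hits are skipped: a broken HELO plus a broken PTR
    looks like the spam the restriction is there to catch.
    """
    totals = Counter()
    for (helo, client), hits in counts.items():
        if client != "unknown":
            totals[helo] += hits
    return sorted(h for h, n in totals.items() if n >= min_hits)

# Constructed sample log: documentation hostnames and addresses, not real traffic.
SAMPLE_LOG = """\
Sep 26 03:11:47 hosting postfix/smtpd[2211]: connect from mail7.example.net[192.0.2.7]
Sep 26 03:11:49 hosting postfix/smtpd[2211]: NOQUEUE: reject: RCPT from mail7.example.net[192.0.2.7]: 450 4.7.1 <gw-07.corp.example.net>: Helo command rejected: Host not found; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<gw-07.corp.example.net>
Sep 26 03:26:52 hosting postfix/smtpd: NOQUEUE: reject: RCPT from mail7.example.net[192.0.2.7]: 450 4.7.1 <GW-07.corp.example.net>: Helo command rejected: Host not found; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<GW-07.corp.example.net>
Sep 26 04:02:10 hosting postfix/smtpd[2290]: NOQUEUE: reject: RCPT from unknown[198.51.100.23]: 450 4.7.1 <WIN-7F3K2>: Helo command rejected: Host not found; from=<x@example.com> to=<b@example.org> proto=SMTP helo=<WIN-7F3K2>
Sep 26 04:02:41 hosting postfix/smtpd[2290]: NOQUEUE: reject: RCPT from unknown[198.51.100.23]: 450 4.7.1 <WIN-7F3K2>: Helo command rejected: Host not found; from=<y@example.com> to=<c@example.org> proto=SMTP helo=<WIN-7F3K2>
Sep 26 05:40:31 hosting postfix/smtpd[2301]: NOQUEUE: reject: RCPT from mail.example.org[203.0.113.9]: 450 <mx.internal.example.org>: Helo command rejected: Host not found; from=<d@example.org> to=<b@example.org> proto=ESMTP helo=<mx.internal.example.org>
""".splitlines()

if __name__ == "__main__":
    for helo in review_candidates(helo_rejects(SAMPLE_LOG)):
        print(helo)
```

To run it against a real log, pass an open file object to helo_rejects in place of SAMPLE_LOG.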
It does appear to be a problem more with some mail server admins than others. (https://www.nearlyfreespeech.net/about/email.php#software)
Here is a slightly old but still useful presentation from Ohio LinuxFest 2004 about dealing with spam in Postfix. http://www.potentialtech.com/wmoran/spam.pdf