calum.org:~#

Search results for spam


Posts


Postfix Antispam
Email blacklists
rm strcpy
Missing the point of SPF

Comments


Of course, there'll always be some mail servers that don't follow the RFCs properly.

Checking the logs, I noticed the following:

Sep 26 03:11:47 hosting postfix/smtpd[19263]: connect from mail7.exchange.microsoft.com[131.107.1.27]
Sep 26 03:11:49 hosting postfix/smtpd[19263]: NOQUEUE: reject: RCPT from mail7.exchange.microsoft.com[131.107.1.27]: 450 4.7.1 <df-gwy-07.exchange.corp.microsoft.com>: Helo command rejected: Host not found; from=<a.user@exchange.microsoft.com> to=<a.user@a.domain> proto=ESMTP helo=<df-gwy-07.exchange.corp.microsoft.com>
Sep 26 03:11:49 hosting postfix/smtpd[19263]: disconnect from mail7.exchange.microsoft.com[131.107.1.27]

Now, according to the SMTP RFC (http://www.ietf.org/rfc/rfc2821.txt):

The domain name given in the EHLO command MUST BE either a primary
host name (a domain name that resolves to an A RR) or, if the host
has no name, an address literal as described in section 4.1.1.1.

So why isn't there a DNS entry for df-gwy-07.exchange.corp.microsoft.com?

Anyway, to allow these broken setups to skip the "reject_unknown_hostname" in "smtpd_helo_restrictions", (as I don't want to disable it - it catches 95% of the spam) - you need to do the following:
* In main.cf, add parent_domain_matches_subdomains = yes
* In the smtpd_helo_restrictions section, add "check_helo_access hash:/etc/postfix/helo_access"
* In that helo_access file, list the offending "HELO/EHLOs" - in this case:

.exchange.corp.microsoft.com OK

* Finally, run postmap /etc/postfix/helo_access to build the DB file, and restart postfix.

It does appear to be a problem more with some mail server admins than others. (https://www.nearlyfreespeech.net/about/email.php#software)

Here is a slightly old but still useful presentation from Ohio LinuxFest 2004 about dealing with spam in Postfix. http://www.potentialtech.com/wmoran/spam.pdf