Postfix: How to stop domains that do not reverse DNS to ip with EHLO restrictions
Is it is possible to reverse DNS check the domain given with the EHLO/HELO command. Then reject/permit based on the reverse DNS telling me the IP connecting is/is not part of the network registered with that domain name. You will find a section of my configuration file and a dump of a telnet session with my server further down.
My /etc/postfix/main.cf looks like this. Code:
smtpd_sender_restrictions = Code:
[bookie@tintaglia ~]$ telnet some.server.net 25 |
Well, I don't know of any way to do this. I think this is basically why there's stuff like SPF (http://www.openspf.org/) and DKIM (http://www.dkim.org/).
I think what you'll find is that many sites do not provide a HELO which matches their reverse DNS. - Arch |
Yeah i've been looking through logs and i realised that the sending site/person might be from a domain other than the mail relay they use so that will not work well. I'm not sure if the expected input on EHLO is the senders domain or the relays domain but either way this won't work. SPF looks interesting so i will have a look at that.
Thank you for taking the time to answer. |
All times are GMT -5. The time now is 11:38 PM. |