[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: Refuse mail from hosts with closed port 25
From:       Matus UHLAR - fantomas <uhlar () fantomas ! sk>
Date:       2019-09-18 7:56:49
Message-ID: 20190918075649.GB32069 () fantomas ! sk
[Download RAW message or body]

>>>On 16 Sep 2019, at 13:47, Paul van der Vlis <paul@vandervlis.nl> 
>>>wrote:
>>>
>>>How can I refuse mail from hosts who don't have an open port 25?

>On 16 Sep 2019, at 9:17, Kevin A. McGrail wrote:
>>Paul, I wrote a module which I need to update on Perl's CPAN called
>>Net::validMX that we use to reject IPv4 domains that aren't properly
>>setup to receive mail from sending to us.  We've used it in 
>>production
>>with MIMEDefang.  And as a small, boutique ESP for over a decade, 
>>likely
>>closer to 15 years with no complaints/FPs of note.

On 16.09.19 09:59, Bill Cole wrote:
>I don't believe that Net::validMX does anything more *at the domain 
>level* than Postfix's built-in reject_unknown_sender_domain 
>restriction. Its check_email_validity() may be a bit more strict than 
>Postfix's built-in address sanity checks.

you can both still add checking for bogus MX records, e.g. poinging to
private/reserved address space, MX pointing to CNAME etc.

The first can be done in postfix by using check_sender_mx_access, for the
latter you need using something like rfc-clueless blacklist.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
[prev in list] [next in list] [prev in thread] [next in thread]