postfix and header_checks
Bill McGonigle
bill at bfccomputing.com
Thu Sep 27 15:30:57 EDT 2007
On Sep 26, 2007, at 16:30, Paul Lussier wrote:
> Does anyone here use postfix's header_checks or body_checks maps as a
> spam-prevention mechanism?
I'm using these:
reject_unauth_destination,
reject_invalid_hostname,
reject_unknown_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
and the results are better than I expected.
They also have a higher false-negative rate (surprise) as some
legitimate MTA's are mis-configured, most often in the form of
HELO'ing an internal hostname, rather than a verifiable one. Almost
every admin I've contacted about this has been gracious for the
notification and fixed it almost immediately. One noticeable
exception was inside a healthcare insurance bureaucracy from MA where
nobody seemed to know who actually ran the servers. hostmaster@
bounced. So, they got whitelisted instead.
-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Cell: 603.252.2606
http://www.bfccomputing.com/ Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
More information about the gnhlug-discuss
mailing list