for some time, i've been mechanically doing all of my acl stuff in the
recipients check, based on conventional wisdom that 5xx gets listened to
best after RCPT TO:

i've reconsidered that, based on recent/current events. i've now got the
following attached to the helo acl, i strongly recommend it:

check_helo:
  # require something shaped like an FQDN from everyone except relay hosts
  drop  message   = HELO/EHLO must contain a Fully Qualified Domain Name
        hosts     = !+relay_hosts
        condition = ${if match {$sender_helo_name}{\N^[^.].*\.[^.]+$\N}{no}{yes}}

  # callers whose ident reply identifies a web proxy
  drop  condition = ${if eq{$sender_ident}{squid}{yes}{no}}
        message   = we do not accept mail from squid proxies

  drop  condition = ${if eq{$sender_ident}{CacheFlow Server}{yes}{no}}
        message   = we do not accept mail from CacheFlow Servers

  # hosts listed in either DNS blocklist
  drop  message   = host is listed in $dnslist_domain
        dnslists  = cbl.abuseat.org : \
                    opm.blitzed.org

  accept

the logic being that these callers are by and large things that aren't
going to take 5xx for an answer, so why wait? in particular, right this
instant we're all being pounded by Sobig and this should clear out those
connections quicker.

i'm sure many are doing this already, but i suspect others might appreciate
the tip.

richard
--
Richard Welty rwelty@???
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
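
Added example, not part of the original post: a small Python model of the check_helo ACL above, useful for seeing which HELO names the regex lets through before deploying it. The relay host set, the DNSBL table and all sample connections are constructed stand-ins for Exim's +relay_hosts list and live dnslists lookups.

```python
import re

# Regex copied from the ACL's match condition; \N...\N is Exim quoting, not regex.
HELO_FQDN = re.compile(r"^[^.].*\.[^.]+$")

# Ident strings the ACL rejects, with the messages from the post.
PROXY_IDENTS = {
    "squid": "we do not accept mail from squid proxies",
    "CacheFlow Server": "we do not accept mail from CacheFlow Servers",
}

def check_helo(helo, ident="", host_ip="", relay_hosts=(), dnsbl=None):
    """Return (verdict, message), evaluating statements in the ACL's order.

    relay_hosts (a set of IPs) and dnsbl (IP -> list name) are simplified
    assumptions standing in for Exim host lists and DNS lookups.
    """
    # Only the first statement carries the relay-host exemption.
    if host_ip not in relay_hosts and not HELO_FQDN.search(helo):
        return ("drop", "HELO/EHLO must contain a Fully Qualified Domain Name")
    if ident in PROXY_IDENTS:  # exact, case-sensitive, like Exim's eq
        return ("drop", PROXY_IDENTS[ident])
    if dnsbl and host_ip in dnsbl:
        return ("drop", "host is listed in " + dnsbl[host_ip])
    return ("accept", "")

# Constructed inputs: documentation address ranges and made-up host names.
RELAYS = {"192.0.2.10"}
DNSBL = {"203.0.113.5": "cbl.abuseat.org"}
SAMPLES = [
    ("mail.example.com", "", "198.51.100.7"),
    ("localhost", "", "198.51.100.8"),         # no dot at all
    ("localhost", "", "192.0.2.10"),           # relay host, exempt from the FQDN test
    ("example.com.", "", "198.51.100.9"),      # trailing dot fails the regex
    (".example.com", "", "198.51.100.10"),     # leading dot fails the regex
    ("1.2.3.4", "", "198.51.100.11"),          # bare IP passes: the test is syntactic
    ("[198.51.100.12]", "", "198.51.100.12"),  # address literal also passes
    ("proxy.example.net", "squid", "198.51.100.13"),
    ("mx.example.org", "", "203.0.113.5"),     # listed in the constructed DNSBL table
]

def run_samples():
    return [check_helo(h, i, ip, RELAYS, DNSBL)[0] for h, i, ip in SAMPLES]

if __name__ == "__main__":
    for (helo, ident, ip), verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:6} helo={helo!r} ident={ident!r} ip={ip}")
```

The sample run shows two things worth knowing before relying on the rule: a bare dotted IP or an address literal satisfies the "FQDN" regex, and a syntactically valid name with a trailing dot does not.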