On Thu, 29 Apr 2004 at 12:14 +0100, Alan J. Flavell wrote:
> It sort-of gives the site an opportunity to fix the problem, doesn't
> it?
That was the reasoning behind choosing 'defer'. Malware will probably
not retry, and legitimate senders have a chance to fix their server in
order to get their mail through.
The acl has been live for around 8 weeks and rejects over one million
recipients per week. During this time, only two senders (that I know
of) have had trouble, and in both cases the sender has fixed his/her
server. Two trouble tickets against 8 million worms/spams seems a fair
trade to me.
The rcpt_to acl (which is run after mail to postmaster is accepted) is
nothing more than a simple syntax check
defer message = Invalid HELO ($sender_helo_name) used by $sender_host_address. \
See RFC2821 S4.1.1.1 for syntax of the HELO command. \
This is a temporary error. You may try again after this \
server ($sender_host_address) has been fixed.
condition = ${if match{$sender_helo_name}{\N^[^.].*\.[^.]+$\N}{no}{yes}}
log_message = $sender_host_address gave an invalid HELO of $sender_helo_name
--
Andy Saunders
Oxford University Computing Services
