Refuse mail from hosts with closed port 25

classic Classic list List threaded Threaded
22 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: Refuse mail from hosts with closed port 25

Chris Wedgwood
> How can I refuse mail from hosts who don't have an open port 25?
>
> What do you think from such a check?

i have tried this, it's not useful, so i didn't leave the check in
place

it's very common, perhaps even the norm that the IP address which
delivers mail to me itself will not accept an incoming port 25
connection

> I've investigated why somebody did not receive mail from a virtual
> machine, and I found out her provider (reviced.nl) refuses all mail
> from a host what does not have port 25 open. I have much problems
> with spam and I would like to reduce it.

this will stop a lot of legitimate mail

and probably not stop much spam
Reply | Threaded
Open this post in threaded view
|

Re: Refuse mail from hosts with closed port 25

Matus UHLAR - fantomas
In reply to this post by Bill Cole-3
>>>On 16 Sep 2019, at 13:47, Paul van der Vlis <[hidden email]>
>>>wrote:
>>>
>>>How can I refuse mail from hosts who don't have an open port 25?

>On 16 Sep 2019, at 9:17, Kevin A. McGrail wrote:
>>Paul, I wrote a module which I need to update on Perl's CPAN called
>>Net::validMX that we use to reject IPv4 domains that aren't properly
>>setup to receive mail from sending to us.  We've used it in
>>production
>>with MIMEDefang.  And as a small, boutique ESP for over a decade,
>>likely
>>closer to 15 years with no complaints/FPs of note.

On 16.09.19 09:59, Bill Cole wrote:
>I don't believe that Net::validMX does anything more *at the domain
>level* than Postfix's built-in reject_unknown_sender_domain
>restriction. Its check_email_validity() may be a bit more strict than
>Postfix's built-in address sanity checks.

you can both still add checking for bogus MX records, e.g. poinging to
private/reserved address space, MX pointing to CNAME etc.

The first can be done in postfix by using check_sender_mx_access, for the
latter you need using something like rfc-clueless blacklist.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
12