Wibble > List archives > postfix > 2004 > October

Blocking bad HELO ( and Netsky virus )
Good evening list ..

Apparently, the NetSky/D virus is always using the recipient's domain name when HELO'ing to my MTAs. Creating an access-table with my domain names and adding a check_helo_access line to my smtpd restrictions seems to get rid of the virus:

--smtp_helo_blacklist--
<my-ip>         554 That's my name
<my-hostname>   554 That's my name
<mydomain1>     554 That's my domain name
<mydomain2>     554 That's my domain name
-----------------------

--main.cf---
smtpd_recipient_restrictions =
    ..
    ..
    check_helo_access hash:/etc/postfix/tables/smtp_helo_blacklist
    ..
------------

..and of course making sure that parent_domain_matches_subdomains does not include smtpd_access_maps :=)

So, besides rejecting the NetSky viruses at the smtp level, I also got myself a pretty reasonable anti-spoofing setup (at least for the HELO part).

Are any of you guys using the same kind of blacklisting? Am I breaking something with this approach?

Thanks
/Torben
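
The following is an added example, not part of the original post and not Postfix code: a simplified Python model of the access(5) host-name lookup that check_helo_access performs, showing how the table above behaves with and without smtpd_access_maps listed in parent_domain_matches_subdomains. The function name, the example.org/example.net names and the 192.0.2.25 address are constructed stand-ins for the post's placeholders.

```python
# Simplified model of the access(5) host-name lookup behind check_helo_access.
# Added illustration, not Postfix source; all names and addresses are constructed.

def helo_action(helo, table, parent_matches_subdomains):
    """Return the access-table action for a HELO name, or None (no match)."""
    name = helo.strip().lower()            # lookup keys are matched in lower case
    if name in table:                      # an exact match applies in both modes
        return table[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # If smtpd_access_maps is listed in parent_domain_matches_subdomains,
        # a bare "domain.tld" key also matches subdomains; if it is not listed,
        # only an explicit ".domain.tld" key matches subdomains.
        key = parent if parent_matches_subdomains else "." + parent
        if key in table:
            return table[key]
    return None

# Constructed stand-ins for <my-ip>, <my-hostname>, <mydomain1>, <mydomain2>.
TABLE = {
    "192.0.2.25":      "554 That's my name",
    "mx1.example.org": "554 That's my name",
    "example.org":     "554 That's my domain name",
    "example.net":     "554 That's my domain name",
}

# Constructed HELO names: spoofed own names, a legitimate host below one of
# the protected domains, and an unrelated remote host.
HELOS = ["example.org", "EXAMPLE.NET", "mx1.example.org", "192.0.2.25",
         "mail.customer.example.org", "mail.example.com"]

def compare(helos=HELOS, table=TABLE):
    """Return (helo, action_not_listed, action_listed) for each HELO name."""
    return [(h, helo_action(h, table, False), helo_action(h, table, True))
            for h in helos]

if __name__ == "__main__":
    for helo, not_listed, listed in compare():
        print(f"{helo:28} not listed: {not_listed or 'no match':28} "
              f"listed: {listed or 'no match'}")
```

In this model the only row that differs between the two modes is mail.customer.example.org, which is rejected only when smtpd_access_maps is listed.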