Rich Freeman via plug on 26 Aug 2021 17:27:32 -0700
Re: [PLUG] my bash script to report rogue Microsoft 365 servers
On Thu, Aug 26, 2021 at 7:26 PM CJ Fearnley via plug
<plug@lists.phillylinux.org> wrote:
>
> Today I wrote a script to report to Microsoft all the rogue Microsoft
> 365 servers that tried to send me e-mail yesterday. After a few days of
> testing, I will add it to my crontab.
>
> Maybe JP will find an idea here for his book.
>
> This is a David versus Goliath effort: I need all the help I can get.
>
> So, I welcome any advice to improve the script or to further shame
> Microsoft for their despicable 365 e-mail server management practices.

What exactly are they sending in HELO? Your tweets are a bit vague,
but it sounds like you're concerned that HELO, forward DNS, and
reverse DNS don't match.

Per the RFC, there is no requirement that forward/reverse DNS match.
Per the RFC, the recommendation in this case is to transmit the IP
address in the HELO, optionally followed by some identifying text
(which can basically be anything). It isn't clear from your tweets
whether they are doing that.

https://datatracker.ietf.org/doc/html/rfc2821#page-29

    In situations in which the SMTP client system does not have a
    meaningful domain name (e.g., when its address is dynamically
    allocated and no reverse mapping record is available), the client
    SHOULD send an address literal (see section 4.1.3), optionally
    followed by information that will help to identify the client
    system.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
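
Added example, not part of the original message or of the script under discussion: a syntax-only check of a HELO/EHLO argument against the connecting IP, following the RFC 2821 text quoted above (domain name, or bracketed address literal optionally followed by free text). The function names, category labels and sample pairs are constructed for illustration, and no DNS lookups are made.

```python
import ipaddress
import re

# RFC 2821 Domain: two or more dot-separated labels of letters, digits, hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+\.?$")


def parse_address_literal(token):
    """Return the IP inside an RFC 2821 section 4.1.3 literal, else None."""
    if not (token.startswith("[") and token.endswith("]")):
        return None
    inner = token[1:-1]
    try:
        if inner[:5].lower() == "ipv6:":
            return ipaddress.IPv6Address(inner[5:])
        return ipaddress.IPv4Address(inner)
    except ValueError:
        return None


def classify_helo(helo_arg, peer_ip):
    """Classify a HELO/EHLO argument against the connecting IP (no DNS used)."""
    parts = helo_arg.split(None, 1)
    if not parts:
        return "empty"
    token = parts[0]  # any trailing text is free-form identifying info
    literal = parse_address_literal(token)
    if literal is not None:
        same = literal == ipaddress.ip_address(peer_ip)
        return "literal-match" if same else "literal-mismatch"
    try:
        ipaddress.ip_address(token)
        return "bare-ip"  # an IP without brackets is not a valid literal
    except ValueError:
        pass
    return "domain" if _DOMAIN_RE.match(token) else "malformed"


# Constructed sample (peer IP, HELO argument) pairs, documentation ranges only.
SAMPLES = [
    ("192.0.2.10", "[192.0.2.10] outbound relay 7"),
    ("192.0.2.10", "[192.0.2.99]"),
    ("2001:db8::25", "[IPv6:2001:db8::25]"),
    ("192.0.2.10", "192.0.2.10"),
    ("192.0.2.10", "mail.example.com"),
    ("192.0.2.10", "localhost"),
]

if __name__ == "__main__":
    for peer, helo in SAMPLES:
        print(f"{peer:15} {helo!r:35} -> {classify_helo(helo, peer)}")
```

Only the "literal-mismatch", "bare-ip" and "malformed" results point at a HELO that departs from the quoted text; a "domain" result says nothing about whether forward and reverse DNS agree.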