[BlueOnyx:16516] Re: dfix

Michael Stauber mstauber at blueonyx.it
Fri Nov 21 09:27:22 -05 2014


Hi Steffan,

> service74.mimecast.com [195.130.217.57] did not issue MAIL/EXPN/VRFY/ETRN
> during connection to MTA
> 
> dfix is checking for that line so I know why they get blocked.
> But I don't understand why this is happening.
> Is this a problem on my end or is the problem with Mimecast?

This happens when someone establishes a connection to Sendmail, but
doesn't issue any of the usual commands that are related to sending an
email. They just connect, check the response to see if the service is up
and running and then disconnect.

Certain dimwits such as Mimecast apparently use this before email
sending as part of a verification process to see if the recipient email
address is valid. It's not even a proper verification by itself, because
all they can confirm with this is that the IP/domain runs an MTA. It
doesn't tell them if that user or alias even exists or if the MTA
configuration allows them to deliver that email.

So in itself it's a horrible practice with next to no gain. Dfix is
blocking this, because the same mechanism is also used during probes
from malicious people.

Personally I've come to disable this rule in Dfix2 on my own boxes, as
more and more dimwits are picking up on this horrible practice.

-- 
With best regards

Michael Stauber
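
Added example, not part of the original post and not Dfix's own code: a log check for the Sendmail message discussed above that counts connect-only clients per IP and skips allowlisted senders. The threshold, the allow parameter, the function name and the sample log lines (hostname "mail", queue IDs, 203.0.113.9) are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Sendmail logs this when a client connects and leaves without
# issuing MAIL/EXPN/VRFY/ETRN. The hostname is absent when rDNS fails.
PROBE = re.compile(
    r"sendmail\[\d+\]: \S+: (?:(?P<host>\S+) )?"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\](?: \(may be forged\))? "
    r"did not issue MAIL/EXPN/VRFY/ETRN during connection to"
)

def find_probers(lines, threshold=3, allow=()):
    """Return {ip: (count, hostname)} for clients at or above threshold.

    threshold and allow are assumptions of this example, not Dfix settings.
    """
    nets = [ip_network(n) for n in allow]
    counts, names = Counter(), {}
    for line in lines:
        m = PROBE.search(line)
        if not m:
            continue
        ip = ip_address(m.group("ip"))
        if any(ip in net for net in nets):
            continue  # known sender doing connect-only checks: do not count
        counts[str(ip)] += 1
        names.setdefault(str(ip), m.group("host") or "")
    return {ip: (n, names[ip]) for ip, n in counts.items() if n >= threshold}

# Constructed sample maillog lines (not real log data).
_TAIL = "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA"
SAMPLE_LOG = [
    f"Nov 21 09:10:0{i} mail sendmail[210{i}]: sALEA0aa00210{i}: "
    f"[203.0.113.9] {_TAIL}"
    for i in range(3)
] + [
    f"Nov 21 09:11:0{i} mail sendmail[211{i}]: sALEB0aa00211{i}: "
    f"service74.mimecast.com [195.130.217.57] {_TAIL}"
    for i in range(2)
] + [
    "Nov 21 09:12:00 mail sendmail[2120]: sALEC0aa002120: "
    "from=<a@example.org>, size=1200, nrcpts=1, relay=[198.51.100.7]",
]

if __name__ == "__main__":
    for ip, (n, host) in find_probers(SAMPLE_LOG, threshold=2).items():
        print(f"{ip} {host or '(no rDNS)'}: {n} connect-only sessions")
```

Passing allow=["195.130.217.57/32"] keeps the relay from the quoted log line out of the result while other connect-only clients are still reported.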