On 1/14/2012 6:40 AM, Charles Marcus wrote: > I was more interested in what specific changes he made in order to > use it as a HELO blacklist, and how and why it avoided false > positives when it is used the way we have been using it >
To use it as a HELO blacklist, you simply call it with check_helo_access pcre:/path/to/file This is less likely to have FPs since most mail admins will not use a dynamic-looking rDNS as their HELO hostname. Many bots apparently are coded to use the rDNS as their HELO; it will catch those.
