On 2012-01-14 5:39 PM, Stan Hoeppner <s...@hardwarefreak.com> wrote:
On 1/14/2012 6:40 AM, Charles Marcus wrote:
I was more interested in what specific changes he made in order to use
it as a HELO blacklist, and how and why it avoided false positives when
it is used the way we have been using it
It wouldn't really require any changes. You could use it with
check_helo_access as is. The reason it avoids FPs in this usage is
just what he stated: legit MTAs with generic rDNS are going to HELO
with a real hostname, not the rDNS string.
Thanks to you and Noel for the explanation...
I'd also be curious to see comparisons of blocked traffic in these two
different uses (again by a high volume setup)...
--
Best regards,
Charles
