as you point out, the problem is spammers can forge what's in the helo message just as they forge what's in MAIL FROM.
but also, unfortunately, a way large percentage of sites do not have correctly configured names in their helos. (some have ip addresses. some have their non-fully-qualified names.) i turned this on just as a warning recently and discovered that around 15% of correspondents cause warnings. turning it on as an error will probably turn away mail from legit correspondents. (however, i suspect the absence of a legit HELO string could be productively used for grading by SA.)

On Thu, Jun 26, 2003 at 04:49:23PM -0500, Bob Apthorpe wrote:
> Hi,
>
> On Thu, 26 Jun 2003, Kai Schaetzl wrote:
>
> > Tony Earnshaw wrote on Thu, 26 Jun 2003 15:34:17 +0200:
> >
> > > I, and many other (increasingly many other) mailadmins refuse on invalid
> > > HELO/EHLO credentials. Many can not afford to, many see this as a main
> > > weapon against non-ham.
> >
> > Well, what do you exactly do to refuse them? Do a reverse lookup and see if
> > it matches? Isn't that quite rigid and will also reject legitimate mail in
> > maybe 10% of all instances?
>
> HELO/EHLO credentials don't have to match an existing host name but they
> do have to be formatted properly (i.e. FQDN) I reject on broken HELO
> format with Postfix using:
>
> smtpd_helo_required = yes
>
> smtpd_helo_restrictions = permit_mynetworks,
>     hash:$config_directory/moron_bypass, reject_invalid_hostname,
>     reject_non_fqdn_hostname, reject_unknown_hostname,
>     hash:$config_directory/ffd_source, permit
>
> reject_invalid_hostname drops connections with broken hostname syntax
>
> reject_non_fqdn_hostname rejects connections with HELO not formed as a
> FQDN
>
> reject_unknown_hostname drops connections from machines without DNS A or
> MX record (twitchy)
>
> hash:$config_directory/ffd_source ostensibly does some sanity checks on
> mail purporting to come from freemail services (a hack I picked up on
> SPAM-L)
>
> and hash:$config_directory/moron_bypass allegedly whitelists
> connections from borked-but-borked servers.
> I'm not sure if it works.
>
> I wouldn't recommend some of these options for most installations. I get
> FPs, especially because of reject_unknown_hostname, causing me to
> temporarily lift that restriction every week or so (I suspect
> moron_bypass is not working...) FPs are nowhere near
> 10% (much, much less) and this blocks a fair chunk of spam. YMMV.
>
> hth,
>
> -- Bob

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
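
An added example, not part of the thread or of Postfix: a small Python classifier that approximates the syntax-only HELO checks discussed above (malformed name, non-FQDN name, bare IP address) so the share of correspondents that would trip them can be measured from logged HELO strings before rejecting. The function names and the sample list are constructed for illustration, and the DNS lookup behind reject_unknown_hostname is deliberately left out.

```python
import ipaddress
import re
from collections import Counter

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify_helo(name):
    """Approximate syntax verdict for one HELO/EHLO argument (no DNS)."""
    name = name.strip()
    if name.startswith("[") and name.endswith("]"):
        literal = name[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        return "address_literal" if _is_ip(literal) else "invalid_syntax"
    if _is_ip(name):
        return "bare_ip"            # IP address sent without brackets
    host = name[:-1] if name.endswith(".") else name
    labels = host.split(".")
    if not host or len(host) > 253 or not all(LABEL.fullmatch(l) for l in labels):
        return "invalid_syntax"     # e.g. underscores, empty labels
    if len(labels) < 2:
        return "non_fqdn"           # e.g. a bare NetBIOS-style name
    return "ok"


def warning_rate(helos):
    """Return (per-class counts, fraction of HELOs that would warn)."""
    counts = Counter(classify_helo(h) for h in helos)
    flagged = sum(n for k, n in counts.items()
                  if k not in ("ok", "address_literal"))
    return counts, flagged / len(helos)


# Constructed sample of HELO strings, as might be pulled from an MTA log.
SAMPLE_HELOS = [
    "mail.example.org", "mx1.example.net", "smtp.example.com",
    "[192.0.2.25]", "192.0.2.77", "EXCHANGE01", "localhost",
    "mail_gw.example.org", "relay.example.com.", "-bad-.example.net",
]

if __name__ == "__main__":
    counts, rate = warning_rate(SAMPLE_HELOS)
    print(dict(counts), f"{rate:.0%} would warn")
```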