Tony Earnshaw wrote on Thu, 26 Jun 2003 15:34:17 +0200:
> I, and many other (increasingly many other) mailadmins refuse on invalid > HELO/EHLO credentials. Many can not afford to, many see this as a main > weapon against non-ham. >
Well, what do you exactly do to refuse them? Do a reverse lookup and see if it matches? Isn't that quite rigid and will also reject legitimate mail in maybe 10% of all instances?
My thoughts exactly, which is why I suggested the HELO credentials are pretty much useless these days, at least for blocking spam.
What do you check for ?
Do you check to see if its a valid FQDN ? So what, spammers will just use fully qualified domain names that exist. (hotmail.com anyone ? :)
Do you try to check that the helo response is the same as the reverse dns of the server that is connecting to you ? So what if it matches ? It's hardly difficult to do that, and there are LOTS of servers out there sending legitimate mail where they don't match properly.
What about servers with multiple hostnames and/or aliases ?
Now, something a bit smarter than the average bear, like SpamAssassin can use the HELO response in conjunction with other headers and use dodgy looking ones to add a bit to the message score, but outright blocking at the MTA level based on arbitary requirements for the HELO response is just insane...and bound to suffer high false positives...
Regards, Simon
------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
