Menno van Bennekom wrote:
FYI, so far I only found 3 of these right-wing mails in my company. It seems almost all have been blocked by the RBLs in Postfix:

- dynablock.njabl.org
- dul.dnsbl.sorbs.net
- and a lot of dsl* dial* provider-domain-names I blocked in Postfix.

This helps for all kinds of spam from infected PCs, so not only for this spam-run. They all get a reject at the MTA level with a message like 'please send mail through your provider', and you can include a link to a web-form to complain about this. So far I only had to whitelist 5 addresses because they didn't know how to configure an SMTP server in their mail system. It has been said before, but I still would appreciate it very much if ISPs would only allow SMTP traffic to go through the provider's mail servers, not directly from DSL/cable to the Internet. It would stop most spam/viruses from infected systems.

Recent viruses do use the ISP relay, and it is probable that most will, since some ISPs already block port 25. As a consequence, DUL or block-25 will be less and less effective.
If this isn't a sufficient argument, I can volunteer free code to be used to send via ISP relay if that can help you change your mind.
Now, how many of these would you miss if you check for non-resolvable HELO?
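
One way to answer that last question from a mail server's own logs, as an added example that is not part of the original thread: it reads Postfix DNSBL reject lines and counts, per blocklist, how many of those clients a non-resolvable-HELO check would also have caught or would have missed. The function names and sample log lines are constructed for illustration, and "resolvable" is simplified here to "has an address record".

```python
import re
import socket

# Postfix smtpd reject line: client IP, DNSBL zone, and the HELO name the client sent.
REJECT_RE = re.compile(
    r"reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: .*?"
    r"blocked using (?P<zone>[\w.-]+);.*?helo=<(?P<helo>[^>]*)>"
)

def helo_resolves(name):
    """True if the HELO name has an address record (live DNS lookup).
    Assumption: MX-only names are treated as non-resolvable here."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False

def helo_overlap(lines, resolves=helo_resolves):
    """Per DNSBL zone, count rejects that a non-resolvable-HELO check would
    also have caught versus those it would have missed."""
    stats, cache = {}, {}
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a DNSBL reject line
        helo = m.group("helo").lower()
        if helo not in cache:  # one lookup per distinct HELO name
            cache[helo] = bool(helo) and resolves(helo)
        bucket = stats.setdefault(m.group("zone"), {"caught": 0, "missed": 0})
        bucket["missed" if cache[helo] else "caught"] += 1
    return stats

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "Jun 13 10:01:02 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using dynablock.njabl.org; from=<a@example.org> to=<u@example.com> proto=SMTP helo=<pc-home>",
    "Jun 13 10:01:09 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 Service unavailable; Client host [192.0.2.11] blocked using dynablock.njabl.org; from=<b@example.org> to=<u@example.com> proto=SMTP helo=<mail.example.net>",
    "Jun 13 10:02:30 mx postfix/smtpd[412]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 Service unavailable; Client host [198.51.100.7] blocked using dul.dnsbl.sorbs.net; from=<c@example.org> to=<u@example.com> proto=SMTP helo=<dsl-7.invalid>",
    "Jun 13 10:02:41 mx postfix/smtpd[412]: NOQUEUE: reject: RCPT from unknown[198.51.100.8]: 554 Service unavailable; Client host [198.51.100.8] blocked using dul.dnsbl.sorbs.net; from=<d@example.org> to=<u@example.com> proto=SMTP helo=<mail.example.net>",
    "Jun 13 10:03:00 mx postfix/smtpd[413]: connect from unknown[203.0.113.5]",
]

if __name__ == "__main__":
    print(helo_overlap(SAMPLE_LOG))
```

Run against a real log, the "missed" column is the number of blocklisted clients that presented a resolvable HELO name and would have passed a HELO-only check.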