On 05/22/2015 04:01 AM, Sam Varshavchik wrote: > HELO is a good canary in the coalmine. Legitimate mail senders will pay > attention and configure their mail servers properly, so that their HELO > matches their DNS address.
Sure, but in the context of this filter, I think that's not relevant. The baddns filter that Lindsay wrote would originally load the HELO string from the control file, look up the NS associated with the domain, and then apply rate limiting if that NS is one known to be associated with domain tasting. I imagine that works when spammers feed campaigns through malware, as HELO and MAIL FROM domains probably often match. However, in the case where legitimate mail servers are subverted, HELO probably won't lead back to such an NS record, but the domain in MAIL FROM still will. That seems like a better key, to me. ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
