Alexandru Molodoi writes:
I noticed that most e-mail messages sent by infected machines claim in EHLO or HELO that their domain name is the domain name of the e-mail address they are sending to. For example, if the virus sends a message to [EMAIL PROTECTED], it claims that its domain name is also targetdomain.tld. Is there a way to reject only such connections that pretend to be from the targeted domain, but whose IP is different? (apart from toggling nodnslookup in the courierd config file)
There is the "opt BOFHCHECKHELO=1" bofh option, but it will check the validity of a HELO/EHLO in a wide variety of ways. You will end up bouncing an occasional non-spam message from a misconfigured mail server.
But, in today's environment, the tradeoff is worth it, in my opinion. This simple check is sufficient to block at least 50% of spam.
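For readers who want only the narrow check Alexandru asked about (a client greeting with our own domain while connecting from an address that is not one of our mail hosts), here is an added illustration of that logic in Python. It is not Courier code and not how BOFHCHECKHELO is implemented; the domain `targetdomain.tld`, the local addresses and the sample sessions are constructed for the example. It deliberately ignores every other kind of bad HELO, so it does not replace the broader validity check the reply describes.

```python
"""Narrow HELO/EHLO check: flag a session only when the client claims one
of our own domains in HELO/EHLO but connects from an address that is not
one of our own mail hosts.

Added example, not Courier code; all domain and IP values are constructed.
"""
import ipaddress

# Constructed: the domains we accept mail for, and the addresses of our own
# mail hosts (the only peers allowed to greet us with our own names).
LOCAL_DOMAINS = frozenset({"targetdomain.tld"})
LOCAL_ADDRS = frozenset({ipaddress.ip_address("192.0.2.25"),
                         ipaddress.ip_address("2001:db8::25")})


def normalize_helo(helo: str) -> str:
    """Lower-case the HELO name and strip whitespace and a trailing dot."""
    return helo.strip().rstrip(".").lower()


def claims_local_domain(helo: str, local_domains=LOCAL_DOMAINS) -> bool:
    """True if the HELO name is one of our domains or a host beneath one.

    Address literals such as "[198.51.100.4]" never claim a domain, so they
    are left alone here (RFC-wise they are a legitimate HELO argument).
    """
    name = normalize_helo(helo)
    if name.startswith("[") and name.endswith("]"):
        return False
    return any(name == d or name.endswith("." + d) for d in local_domains)


def should_reject(helo: str, peer_ip: str,
                  local_domains=LOCAL_DOMAINS, local_addrs=LOCAL_ADDRS) -> bool:
    """Reject only when the greeting claims our domain from a foreign IP."""
    if not claims_local_domain(helo, local_domains):
        return False  # foreign HELO names are left to other checks
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return True   # unparsable peer address cannot be one of ours
    return peer not in local_addrs


# Constructed sample sessions as (peer_ip, helo_name) pairs.
SAMPLE_SESSIONS = [
    ("203.0.113.7", "targetdomain.tld"),        # infected host using our domain
    ("203.0.113.8", "mail.targetdomain.tld"),   # same trick with a sub-host
    ("192.0.2.25", "mx1.targetdomain.tld"),     # our own relay, legitimate
    ("198.51.100.3", "mail.example.net"),       # ordinary foreign sender
    ("198.51.100.4", "[198.51.100.4]"),         # address literal, allowed
    ("198.51.100.5", "TARGETDOMAIN.TLD."),      # case and trailing dot vary
]


def evaluate(sessions=SAMPLE_SESSIONS):
    """Return the (peer_ip, helo) pairs the narrow check would reject."""
    return [(ip, helo) for ip, helo in sessions if should_reject(helo, ip)]


if __name__ == "__main__":
    for ip, helo in evaluate():
        print(f"554 reject: {ip} greeted as {helo!r} but is not a local host")
```

The suffix match on `"." + domain` is what keeps `targetdomain.tld.example.net` and `eviltargetdomain.tld` from being treated as ours, while `mail.targetdomain.tld` still is; the set of local addresses is the only thing that distinguishes a genuine internal relay from a forging client, so it must list every host that legitimately greets the server with one of its own names.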