Turned on opt BOFHCHECKHELO=1 last night. Wow. Blocks a lot of spam. Also blocked some legit e-mail too. I've been contacting a couple administrators for small networks to have them fix their DNS lookups.
However, I've run into issues with big sites like hotmail.com and amazon.com. I'm not going to get them to fix anything. In hotmail's case, the outbound mail server just says 'HELO hotmail.com'. The IP address of the outbound mail server resolves to a hostname in the hotmail.com domain. For example, the reverse on 64.4.16.196: 196.16.4.64.in-addr.arpa domain name pointer bay22-dav16.bay22.hotmail.com. So it appears that we are not accepting the situation where the HELO reports just the domain name, and the actual server is in the reported domain name. Obviously, this host may not be listed in the MX records for the domain. Is this the behavior we want for BOFHCHECKHELO? Or should it pass though anything where at least the domain names match? James Graves Delta Mobile Software http://www.deltamobile.com ------------------------------------------------------- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
