Martijn Lievaart wrote:
Bill Taroli <[EMAIL PROTECTED]> writes:
[...] the BOFHCHECKHELO feature by itself has definitely made the
DNS misconfiguration of many environments very apparent. I've found
myself busy emailing fellow administrators about mail delivery issues
that have resulted in more stringent checking of mail servers'
identities.
You don't have to mail the fellow admin, another option is to whitelist the domain. Especially yahoo and hotmail will probably not change thir hello strings for some smalltime mailservers.
Wouldn't it make more sense to whitelist by IP address rather than domain? After all, all it takes to spoof a domain is to change what gets sent in the HELO string... hence the desire for the verification in the first place. :-)
smime.p7s
Description: S/MIME Cryptographic Signature
