Re: [courier-users] Re: BOFHCHECKHELO and consequences

Thu, 09 Dec 2004 10:13:06 -0800 

Of course... if you could write an algorithm to tell the difference. ;-)

What I typically do is check the identify of the server by name, by IP, it's soa and mx records. If everything looks above board -- which I take to generally mean they show up as the same domain -- then I'll go ahead and whitelist them. Of course, there are *exceptions* where I know that a user is expecting a message from a particular source, so I know it's non-spam, but the information for the lookups doesn't match. This latter case happens a lot with folks who have outsourced parts of their IT, or are smaller companies where they completely host their services somewhere else.

Might be hard to write a script that could realistically catch all the cases. And that's why I generally send mail to the administrators of the affected domains... so they understand that this will eventually cause them real headaches if they don't fix their config.

Bill


Mark Bucciarelli wrote:

On Thursday 09 December 2004 03:59, Bill Taroli wrote:



So far, I've seen a handful come in since I built and installed the
updated code... and it appears to be working as advertised :-)



If spammers never retry, shouldn't it be easy to write a script that parses the mail.log and auto-whitelists the valid servers?

Regards,

Mark


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to