Re: [courier-users] alternative (less drastic) HELO checks?

Thu, 04 Mar 2010 06:37:08 -0800 

Nathan Eady writes: 

> The short version is, BOFHCHECKHELO=1 causes too many rejections for
> some deployments, and so there was talk of implementing less-extreme
> HELO checks, such as ones to do some (but not necessarily all,
> depending on the contents of the bofh file) of the following: 
> 
>  * hosts that say they are us (but are not really us) are blocked 
> 
>  * HELO names that aren't even an FQDN are blocked

This check is not necessary, next one implies it. 

>  * non resolvable HELO names are blocked

I've successfully using such HELO check (by mean of localmailfilter 
mechanism and simple external program for DNS queries - helocheck) during 
last 2,5 years. Even with this very loose check I had to assemble 65 
entries whitelist file (helo.ex) to maintain BOFHs who cannot properly 
setup their MTAs. However the result worth this additional headache - 
effectiveness of the check is equal to RBL (for some periods of time even 
better). 

Example excerpt from my weekly Courier statistics:
Total incoming smtp connections: 152739
Locally delivered messages: 59661 

Error messages
511 Host blacklisted: 15740 (RBL zen.spamhaus.org)
513 Relaying denied: 12680
517 Domain does not exist: 4210
517 Host rejected: 18328 (My HELO check)
517 Sender rejected: 3055
550 User unknown: 104039 

Maildrop script performing the check: 

CONFDIR = "/mail/courier/etc"
import ESMTPHELO
import TCPREMOTEIP 

if ( ! $ESMTPHELO )
{
        exit
} 

include "$CONFDIR/maildroprcs/sendercheck" 

if ( ! lookup($ESMTPHELO, "$CONFDIR/maildroprcs/helo.ex") )
{
        `/usr/local/mybin/helocheck -n $ESMTPHELO -a $TCPREMOTEIP`
        if ( $RETURNCODE || lookup($ESMTPHELO, "$CONFDIR/locals") )
        {
                echo "517 Host rejected: $ESMTPHELO, see 
http://www.apps.ietf.org/rfc/rfc2821.html#sec-3.6";
                EXITCODE = 1
                exit
        }
} 

 --
Alexei.

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to