RE: [Declude.JunkMail] Block on HELO

[Kevin Bilbee]

If an ISP SMTP server is dynamically changing their HELO to what it receives from the cleint then the ISP has the issue. The hello from an ISP should be a valid host name with an IP address or the ISP's domain name with an MX record.   I have been running the HELO test since DECLUDE started supporting IMail auth and have 0 reported incidents of a false positive.   All the articles I read all say the same thing use SMTP auth when filtering the HELO on local domain names.     Kevin Bilbee -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Matt Sent: Wednesday, March 17, 2004 12:31 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Block on HELO That doesn't cover it all. If you have a client that say for instance is being blocked on port 25, they may have Netscape configured with their E-mail address from your server, but they would be using the SMTP server of their ISP.  The HELO is often passed intact from the client to the destination. Search the archives for FORGEDHELO-FQDN for this filter. http://www.mail-archive.com/cgi-bin/htsearch?config=declude_junkmail_declude_com&restrict=&exclude=&words=FORGEDHELO-FQDN Matt Kevin Bilbee wrote: Use WHITELIST AUTH on IMail 8.x but you are correct if you are on an earlier IMail version.     Kevin Bilbee -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Sent: Wednesday, March 17, 2004 11:12 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Block on HELO If you do this, you must exclude Netscape/Mozilla clients from this check.  Those clients will use the domain name of the sender as the HELO. Matt Lyndon Eaton wrote: While you are att it you will also see many spoofs of you domain name I would also suggest adding HELO xx IS mydomainname Kevin Bilbee Good thinking, thanks. ************************************************ Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) ************************************************ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================