Steffen Heil wrote:
> Hi
>
> Is there a valid reason for a mail server to connect to my mailserver from
> the same ip with different hostnames (as told in helo/ehlo)?
> I am thinking about blacklisting ips that tell me more than 3 hostnames from
> the same ip within less than 24 hours for about a week.
>
> Every legal mailserver I know always connects using the same helo name.
> But a lot of spammers connect multiple times using different helo names from
> the same ip.
>
> Any thoughts on this?
>
> Regards,
> Steffen
>

I have set some rules that store helo names in a MySQL database and I used it to block sites when the helo domain (only the domain part) changed within small time intervals. However, it seems that some (many?) legit mailservers behave this way. So I would advise you against doing this. Changing the helo for the same IP is a very bad idea IMHO, but blocking on this only will reject legit mails.

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
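An added example, not part of either post and not Exim configuration: a sketch of the check discussed in this thread (more than 3 distinct HELO names from one IP within 24 hours), written to report candidates rather than block them, with the domain-only comparison from the reply as an option. The function names, the event tuple layout and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # "within less than 24 hours" from the question
MAX_NAMES = 3                  # "more than 3 hostnames" from the question

# Constructed events (timestamp, client IP, HELO argument); not real traffic.
SAMPLE = [
    # One sender rotating host names inside a single domain.
    ("2024-01-01 00:10", "192.0.2.10", "mx1.example.org"),
    ("2024-01-01 03:00", "192.0.2.10", "mx2.example.org"),
    ("2024-01-01 09:00", "192.0.2.10", "MX3.example.org."),
    ("2024-01-01 15:00", "192.0.2.10", "mx4.example.org"),
    # Four unrelated domains in twenty minutes.
    ("2024-01-01 01:00", "198.51.100.7", "a.example.com"),
    ("2024-01-01 01:05", "198.51.100.7", "b.example.net"),
    ("2024-01-01 01:09", "198.51.100.7", "c.one.example"),
    ("2024-01-01 01:20", "198.51.100.7", "d.two.example"),
    # Four names, but never more than three inside any 24-hour window.
    ("2024-01-01 00:00", "203.0.113.5", "p.example.com"),
    ("2024-01-01 10:00", "203.0.113.5", "q.example.net"),
    ("2024-01-01 20:00", "203.0.113.5", "r.one.example"),
    ("2024-01-02 06:00", "203.0.113.5", "s.two.example"),
]

def helo_key(helo, domain_only=False):
    """Normalise a HELO argument; optionally keep only its last two labels."""
    name = helo.strip().rstrip(".").lower()
    if domain_only and not name.startswith("["):  # leave address literals alone
        # Simplification (assumption): "domain part" = last two labels.
        name = ".".join(name.split(".")[-2:])
    return name

def flag_helo_churn(events, domain_only=False):
    """Map each IP to the first time it exceeded MAX_NAMES keys within WINDOW."""
    recent = defaultdict(deque)   # ip -> (time, key) pairs still inside the window
    flagged = {}
    for stamp, ip, helo in sorted(events):
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        seen = recent[ip]
        seen.append((now, helo_key(helo, domain_only)))
        while now - seen[0][0] >= WINDOW:   # expire entries 24 hours old or more
            seen.popleft()
        if ip not in flagged and len({key for _, key in seen}) > MAX_NAMES:
            flagged[ip] = stamp
    return flagged

if __name__ == "__main__":
    print("full HELO name:", flag_helo_churn(SAMPLE))
    print("domain only:   ", flag_helo_churn(SAMPLE, domain_only=True))
```

Comparing the two result sets on real logs before acting on either shows how many senders the rule would catch only because of host-name rotation inside one domain.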
