Renaud Allard wrote: > I have set some rules that stores helo names in a mysql database and I > used it to block sites when the helo domain (only the domain part) > changed within small time intervals. However, it seems that some (many?) > legit mailservers behave this way. So I would advise you against doing > this. Changing the helo for the same IP is a very bad idea IMHO, but > blocking on this only will reject legit mails.
I have considered this myself, but have not done so. One thought comes to mind. If the HELO is different, why not verify it? If you have a host that is legit doing this, the A record of the HELO should match the IP and you could allow that to pass. Most of the HELOs that I have seen are more of the form of the PC name with a random domain tacked on which is more than likely not resolvable. The reason I have not persued this is because other tests I do always block the message. -- Lab tests show that use of micro$oft causes cancer in lab animals Got Gas??? -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
