Wakko Warner wrote: > Renaud Allard wrote: >> I have set some rules that stores helo names in a mysql database and I >> used it to block sites when the helo domain (only the domain part) >> changed within small time intervals. However, it seems that some (many?) >> legit mailservers behave this way. So I would advise you against doing >> this. Changing the helo for the same IP is a very bad idea IMHO, but >> blocking on this only will reject legit mails. > > I have considered this myself, but have not done so. One thought comes to > mind. If the HELO is different, why not verify it? If you have a host that > is legit doing this, the A record of the HELO should match the IP and you > could allow that to pass. Most of the HELOs that I have seen are more of > the form of the PC name with a random domain tacked on which is more than > likely not resolvable. The reason I have not persued this is because other > tests I do always block the message. > You could still test such an ACL with the domain verification to make some stats on this. It may be a good idea.
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
