> > 'HELO [65.55.234.213]' or 'EHLO [65.55.234.213]' .. perfectly legal but > > something malware and bots do as well.. > > While HELOing like this that might be perfectly "legal", this is > something which is probably going to be blocked as well by many/most > servers.
I selectively greylist in cases of such HELO or no FCRDNS or some DNSBLs suspected of false positives. Greylisting fends off most Windows spambots and takes care of temporary DNS errors. If nothing looks suspicious and the host is not in any DNSBL then no greylisting. But I reject in cases of my IP (in brackets or bare) or my domain in HELO (some viruses do that). _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
