On Mon, Nov 05, 2007 at 11:11:00AM -0500, Paul Chauvet wrote: > On Thu, 2007-11-01 at 18:25 -0400, Adam wrote: > > Chris Knadle wrote: > > > One favorite are email connections that start off with a HELO/EHLO > > > greeting > > > that isn't a FQDN as is required by RFC 2821. When I started rejecting > > > these > > > it cut out 33% of junk email, without having to do any expensive > > > computation. > > > > Chris, could you explain how to do this, or point me to someplace that > > does? Thanks! > > > > Adam > > In Postfix at least, you can do this with reject_non_fqdn_hostname in > the smtpd_helo_restrictions. In addition we reject a ton of spam from > people who try to HELO/EHLO as our hostname or IP address. in the same > smtpd_helo_restrictions section, we also have: > check_helo_access hash:/opt/pmx4/postfix/etc/helo_access > > I know this is more than you asked but we reject about 400,000 messages > per month based on attempted spoofing of our hostnames/ip addresses in > the HELO/EHLO stage of the connection.
I'll second this one as quite useful - I hadn't been doing this, just enabled it and I've filtered out 20 junk emails in as many minutes (and this is just on my personal server, all of them were addressed to me. I get a *lot* of spam.) -m -- Mike Kershaw/Dragorn <[EMAIL PROTECTED]> GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1 Be different: conform.
pgpZ2Kr6pvIH1.pgp
Description: PGP signature
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Oct 3 - Security and Privacy Nov 7 - Django Python Application Framework
