----- Original Message ----- From: "Mark" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 04, 2004 9:13 AM Subject: [Mimedefang] HELO + PTR countr-code TLD matching
> This may not be, in the strictest sense, a MIMEDefang matter per se; but > this afternoon I thought up a nice HELO test, that I think may be of use to > others here too. > > When I have a valid HELO name and a valid PTR, I check to see whether both > end in a valid country-code TLD; and, if so, whether they match. If not, I > reject the message. Like so: > [...] > I am actually rather pleased with the result. :) It seems quite an effective > early-out mechanism to weed out spam at the SMTP stage. And it feels pretty > benign too; it requires no PTR; but if one is present, with a country-code > TLD not matching a present HELO country-code, then, and only then, I cry > spam. > > I'd be curious what other people think. I went over the logs for last month's messages and came up with the following statistics: 4477334 total messages 13791 had country-code TLD mismatches 7689 were greylisted 6034 had a SpamAssassin score > 7.5 (median score 23.86) 13 had a SpamAssassin score between 5 and 7.5 (all were spam) 1 had a SpamAssassin score < 5, and it was spam too 15 had malformed addresses (spaces, control characters, routing characters) 38 had viruses (only File::Scan was used). ZERO false positives. Good test! Chris Myers Networks By Design _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
