On Sun, 12 Mar 2006 [EMAIL PROTECTED] wrote:

>------------------------------
>From: John Rudd <[EMAIL PROTECTED]>
>
>For the IP-only HELO, or for HELO addresses you don't like, why not
>reject it during filter_helo?  That's when I do it (though, I don't
>think I'm doing it for IP-only HELO's, I'm just doing it for obviously
>stupid HELO's, like ones that claim to be from my own domain when the
>IP addr isn't in my block, or from localhost when it's not localhost).

  Who said I was going to wait until filter_end to reject it? As I noted
in my original query, I already reject the "stupid" HELOs long before
filter, let alone filter_end.

  What I've noticed is that, often, what little SPAM leaks thru used an
IP-only HELO. My purpose is to globally increase the SPAM scores of any
foreign E-Mail where the mailserver HELO'd me IP-only, and also combine
that bit of information (the fact that the HELO was IP-only) with other
facts (e.g. a positive return from ClamAV) to see if I want to
bit-bucket the E-Mail before I bother calling SpamAssassin.

  My philosophy is that the sooner I can ID and dump obviously garbage
E-Mail, the less of my resources the SPAMmer/phisher/cracker gets to
consume.

>------------------------------
>From: "David F. Skoll" <[EMAIL PROTECTED]>
>
>> I'd like to use the [HELO] information in filter_end, but I don't
>> have the HELO string
>
>Yes, you do.  It's in the global variable $Helo.

    Ah. Thanks for pointing that out.

>----------------------------------------------------------------------

   I'm still interested in finding out if anyone knows of a low-cost way
to pick up on sendmail's determination of "may be forged" as it
eventually shows in the "Received: from" header.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

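An added example, not part of the original message and not MIMEDefang's own code: one way to detect an IP-only HELO and combine it with a virus-scanner result before the content scan, as the message describes. The helper names, the penalty value and the sample sessions are assumptions; in a MIMEDefang filter the HELO string would come from `$Helo`, as noted in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Assumed policy value, not from the thread: points added for an IP-only HELO.
my $IP_HELO_PENALTY = 2.0;

# Hypothetical helper: true when the HELO argument is nothing but an IP
# address, bare (192.0.2.10) or as an address literal ([192.0.2.10],
# [IPv6:2001:db8::1]). Hostnames and malformed addresses return false.
sub helo_is_ip_only {
    my ($helo) = @_;
    return 0 unless defined $helo;
    $helo =~ s/^\s+|\s+$//g;
    if ($helo =~ /^\[(.*)\]$/) {      # strip literal brackets and IPv6 tag
        $helo = $1;
        $helo =~ s/^IPv6://i;
    }
    return 1 if defined inet_pton(AF_INET,  $helo);
    return 1 if defined inet_pton(AF_INET6, $helo);
    return 0;
}

# Cheap facts first: decide whether the message is dropped before the
# expensive content scan is ever called (assumed policy).
sub pre_scan_action {
    my ($helo, $virus_found) = @_;
    return 'discard' if $virus_found && helo_is_ip_only($helo);
    return 'scan';
}

# Score adjustment applied to the content scanner's result.
sub adjusted_score {
    my ($helo, $score) = @_;
    return $score + (helo_is_ip_only($helo) ? $IP_HELO_PENALTY : 0);
}

# Constructed sample sessions: [HELO string, virus hit, content score]
my @samples = (
    ['mail.example.org',    0, 3.1],
    ['192.0.2.10',          0, 3.1],
    ['[192.0.2.10]',        1, 0.0],
    ['[IPv6:2001:db8::1]',  0, 4.4],
    ['999.1.1.1',           0, 1.0],   # not a valid address, treated as a name
);
for my $s (@samples) {
    my ($helo, $virus, $score) = @$s;
    my $action = pre_scan_action($helo, $virus);
    printf "%-20s %-8s %s\n", $helo, $action,
        $action eq 'scan' ? adjusted_score($helo, $score) : '-';
}
```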