Johan Sleeuwenhoek wrote:

I'm configuring a similar setup and was wondering whether it is
possible to put it in filter_helo?

2006/9/19, Cormack, Ken <[EMAIL PROTECTED]>:
I'd like to see if anyone has any comments on an idea to block spam from
forged senders who claim my domain in the sender address.  I'm assuming
something like this could (or should?) be done for both the SMTP "MAIL
FROM:" and the "From:" in the header.



If you put it in filter_sender, you can still check against the HELO/EHLO string, but you can also exempt anyone who has done SMTP-AUTH. So, it's really better to put it in filter_sender.

But:

1) to reject based on the content of the HELO string is an RFC violation

2) In my experience, 90% of the things you would reject are going to be caught by doing other checks, such as:

  a) IP address doesn't have a PTR record
  b) the hostname in the PTR record doesn't resolve back to the IP address
  c) the hostname in the PTR record goes to a CNAME and not an A record
  d) the hostname in the PTR record looks "dynamic" (has words like dsl, cable, dial-up, dialup, dhcp, or dynamic in the hostname, or has 2 or more octets of the IP address in its hostname)


IMO: you're better off checking for those 4 things than looking at the HELO/EHLO string.

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
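
The four checks a) to d) from the reply above, with the SMTP-AUTH exemption, as an added Python sketch that is not part of the original post or of MIMEDefang (whose filters are written in Perl). Assumptions: the function names are hypothetical, DNS answers are passed in as dictionaries of constructed sample data instead of coming from a live resolver, and only IPv4 is handled.

```python
import re

DYNAMIC_WORDS = ("dsl", "cable", "dial-up", "dialup", "dhcp", "dynamic")

def looks_dynamic(hostname, ip):
    """Check d: a dynamic-pool word, or 2+ octets of the IPv4 address, in the name."""
    host = hostname.lower()
    if any(word in host for word in DYNAMIC_WORDS):  # substring match: a heuristic
        return True
    numbers = {int(n) for n in re.findall(r"\d+", host)}
    return sum(int(octet) in numbers for octet in ip.split(".")) >= 2

def failed_checks(ip, ptr, forward, authenticated=False):
    """Return the letters (a-d) of the checks the connecting IPv4 client fails."""
    if authenticated:            # SMTP-AUTH users are exempt, as in filter_sender
        return []
    name = ptr.get(ip)
    if name is None:
        return ["a"]             # a: no PTR record; nothing else to test
    failures = []
    rtype, data = forward.get(name, ("NONE", []))
    if rtype == "CNAME":         # c: PTR name is an alias, not an A record
        failures.append("c")
        rtype, data = forward.get(data, ("NONE", []))  # follow alias for check b
    if rtype != "A" or ip not in data:
        failures.append("b")     # b: name does not resolve back to the client IP
    if looks_dynamic(name, ip):
        failures.append("d")
    return sorted(failures)

# Constructed DNS data (documentation address ranges), standing in for a resolver.
PTR = {
    "192.0.2.10": "mail.example.org",
    "203.0.113.5": "mx.example.net",
    "203.0.113.8": "smtp.example.net",
    "198.51.100.23": "host-198-51-100-23.example.com",
}
FORWARD = {
    "mail.example.org": ("A", ["192.0.2.10"]),
    "mx.example.net": ("A", ["203.0.113.99"]),
    "smtp.example.net": ("CNAME", "real.example.net"),
    "real.example.net": ("A", ["203.0.113.8"]),
    "host-198-51-100-23.example.com": ("A", ["198.51.100.23"]),
}

if __name__ == "__main__":
    for client in list(PTR) + ["198.51.100.77"]:
        print(client, failed_checks(client, PTR, FORWARD) or "passes")
```

The word test is a plain substring match, so a legitimate name that happens to contain one of the words is flagged too.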
