On Thu, 9 Nov 2006, "David F. Skoll" <[EMAIL PROTECTED]> wrote:
Dirk the Daring wrote:
I use filter_helo and am quite happy with it. I successfully reject
obviously fraudulent HELOs at filter_helo.
At least, you *think* you do.
If you test it, you'll discover they're only rejected at MAIL FROM: time.
No, I'm fairly sure about this.
When I re-wrote my filter to take advantage of filter_helo, I also
inserted quite a few logging statements. Mainly to insure that my filter
did what I wanted it to do.
My examination of my logs quite clearly shows that when filter_helo
ended with a return('REJECT'), the connection progressed no further. I
have plenty of examples of this.
Also, after some analysis, I found I was able to reject some 50% of
foreign (not on my network) SMTP connections by the end of filter_helo.
Between sendmail's GREETPAUSE, RATECONTROL and CONNCONTROL; and using
filter_helo to detect obviously fraudulent HELOs, I dropped half the
spammers that much sooner.
I've already removed filter_helo from the svn version of MIMEDefang;
I appreciate all the work you do, and I've always been very happy with
MIMEDefang. I'm constantly referring people looking for a better anti-SPAM
solution to the RP website.
I really wish you'd reconsider removal of filter_helo. My personal
anti-SPAM philosophy is "Reject early, reject often" and filter_helo helps
me do that.
you can just move your test unchanged into filter_sender.
That can be done and will work, but it allows spammers to waste that
much more of my mail relay's CPU and my network's bandwidth. If I know
they're fraudulent at HELO, why let them lie to me again at MAIL FROM ?
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
