On 8/5/2013 12:54 PM, Ronald F. Guilmette wrote:
> In message <[email protected]>,
> Noel Jones <[email protected]> wrote:
>
>> I use a pcre table to reject any HELO that starts with a bracket or
>> looks like an IP. Legit hosts that use this form are very rare here
>> -- maybe one every couple years.
>> ...
>> There is no built-in postfix restriction to compare the HELO to the
>> client hostname, and I would question the value of such a feature.
>
> Correct me if I'm wrong, but I think you just made the case for
> the value of such a feature.

No. Here, near-zero legit clients use bracketed HELO. Looks as if I've whitelisted 2 clients in the last ~5 years (I see one of them has fixed their HELO sometime since then). That's close enough to zero for me.

My solution is to reject everyone that has a bracketed IP in the HELO, using a simple check_helo_access pcre map. I don't care if a spambot is RFC compliant, I still don't want their mail.

I see zero value in testing to see if the HELO IP is forged, since using any IP seems to be a very strong spambot indicator.

I know my spam is not your spam, so maybe you see something different. Provide some evidence if you think this is useful.

To make a case that any new feature is needed, it must be of widespread benefit, and provide something that cannot (easily) be done using existing tools. Including sample code and documentation helps.

I will note that I'm referring to random internet clients and not authorized SMTP AUTH or mynetworks clients. Desktop mail clients send all manner of cruft as their HELO, and doing *any* kind of HELO tests on authorized clients is foolish.

>> Do you see
>> significant numbers of legit hosts using a bracketed IP HELO?
>
> None so far.

The defense rests.

>
>
> Regards,
> rfg
>

  -- Noel Jones
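
A sketch of the setup described in the message above, added here as an example; it is not Noel Jones's actual configuration. The file path, the patterns, the reject texts and the whitelisted address are assumptions.

```conf
# ==== /etc/postfix/main.cf (map path and file name are assumptions) ====
# Authorized clients are accepted before the HELO map is consulted, so
# desktop mail clients with odd HELO strings are never tested.
# permit_sasl_authenticated is useful here because of the default
# smtpd_delay_reject = yes: restrictions run at RCPT TO, after any AUTH.
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_helo_access pcre:/etc/postfix/helo_access.pcre

# ==== /etc/postfix/helo_access.pcre (illustrative patterns) ====
# Whitelist entries go first: the first matching pattern wins.
# 192.0.2.25 is a documentation address standing in for a known-good client.
/^\[192\.0\.2\.25\]$/              DUNNO
# HELO that starts with a bracket, e.g. [203.0.113.7] or [IPv6:2001:db8::1]
/^\[/                              REJECT Address literal in HELO not accepted here
# HELO that is a bare dotted quad, e.g. 203.0.113.7
/^\d{1,3}(\.\d{1,3}){3}$/          REJECT Bare IP address in HELO not accepted here

# Check a pattern before reloading Postfix:
#   postmap -q "[203.0.113.7]" pcre:/etc/postfix/helo_access.pcre
```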
