On Mon, 18 Nov 2019 at 12:23, Dominic Raferd <[email protected]> wrote:
>
> On Mon, 18 Nov 2019 at 12:00, @lbutlr <[email protected]> wrote:
>
>> Is it safe (or mostly safe) to simply block attempts to deliver mail with
>> a helo that is only an IP address? (I am talking about only on
>> postfix/smtpd and obviously not on postfix/submit or related).
>>
>> I have about 50,000 NOQUEUE reject from "helo=<[193.32.160.151]>" over
>> the last week, for example. I see very few otherwise, and all are obviously
>> spam with return addresses like [email protected] or
>> [email protected].
>>
>
> Interesting idea. But I checked my records and - although YMMV - for us it
> would have a lot of false positives. (BTW I couldn't do this through mail
> logs because mine don't record the helo except when an incoming email is
> rejected.)
>

Correction: actually I can't find any false-positives in my records (after I eliminated the false-false-positives...)
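
One way to repeat the records check discussed in this thread before adding a HELO restriction, as an added example that is not part of the original messages: it tallies NOQUEUE reject lines by HELO form (bracketed address literal, bare IP, or hostname) and client address. The log lines are constructed samples in Postfix's smtpd reject format (only 193.32.160.151 comes from the thread), and the names `classify_helo` and `tally` are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Postfix smtpd reject line: "... NOQUEUE: reject: RCPT from host[ip]: ... helo=<value>"
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from [^\[\s]+\[(?P<ip>[^\]]+)\]:"
    r".*\bhelo=<(?P<helo>[^>]*)>"
)

# Constructed sample input; addresses other than 193.32.160.151 are documentation ranges.
_FMT = ("Nov 18 11:58:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
        "554 5.7.1 <u@example.com>: Relay access denied; from=<a@example.net> "
        "to=<u@example.com> proto=ESMTP helo=<{helo}>")
SAMPLE_LOG = [_FMT.format(ip=i, helo=h) for i, h in [
    ("193.32.160.151", "[193.32.160.151]"), ("193.32.160.151", "[193.32.160.151]"),
    ("192.0.2.10", "192.0.2.10"), ("2001:db8::25", "[IPv6:2001:db8::25]"),
    ("198.51.100.7", "mail.example.org"),
]] + ["Nov 18 11:58:02 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]"]

def classify_helo(helo):
    """'literal' for [1.2.3.4] or [IPv6:...], 'bare-ip' for 1.2.3.4, otherwise 'name'."""
    if helo.startswith("[") and helo.endswith("]"):
        inner, kind = helo[1:-1], "literal"
        if inner.lower().startswith("ipv6:"):
            inner = inner[5:]
    else:
        inner, kind = helo, "bare-ip"
    try:
        ipaddress.ip_address(inner)
        return kind
    except ValueError:
        return "name"  # not an IP address at all, e.g. a hostname

def tally(lines):
    """Count rejected attempts per (HELO class, client IP); non-reject lines are skipped."""
    counts = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            counts[(classify_helo(m["helo"]), m["ip"])] += 1
    return counts

if __name__ == "__main__":
    for (kind, ip), n in tally(SAMPLE_LOG).most_common():
        print(f"{n:6d}  {kind:8s}  {ip}")
```

As noted in the thread, logs may record the HELO only for rejected mail, so a tally like this shows who is being rejected with an IP-only HELO, not whether accepted senders also use one.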
