On Thu, Mar 13, 2003 at 02:08:31AM -0800, Ask Bjoern Hansen wrote: > I'd like to hear how it works over a few weeks or so. I fear that > some "real" SMTP clients send the HELO as soon as they are > connected.
Sure, I'll continue to keep an eye on the logs. Any MTA/MUA that would dequeue mail without seeing a 200-ok is hopeless, but there might be embedded MUAs foolishly trying it as an optimization. So far all I'm seeing a lot of spammers using open HTTP proxies, which I have to grant is fairly clever. To catch this sort of thing is going to require a generalized command hook, though that'd ultimately be the ideal thing to have to catch overeager pipelining also. check_earlytalker plugin: host spontaneously said: [POST / HTTP/1.0] check_earlytalker plugin: host spontaneously said: [Content-type: application/x-www-form-urlencoded] check_earlytalker plugin: host spontaneously said: [Content-length: 1028] check_earlytalker plugin: host spontaneously said: [Client-ip: 157.156.1.136] check_earlytalker plugin: host spontaneously said: [Connection: keep-alive] check_earlytalker plugin: host spontaneously said: [Via: HTTP/1.0 Cluster_fcache[C0A8011C] (Traffic-Server/4.0.18 [uScM])] check_earlytalker plugin: host spontaneously said: [Host: 66.92.186.143:25] check_earlytalker plugin: host spontaneously said: [] check_earlytalker plugin: host spontaneously said: [HELO cmviyay] check_earlytalker plugin: host spontaneously said: [MAIL FROM: <[EMAIL PROTECTED]>] check_earlytalker plugin: host spontaneously said: [RCPT TO: <[EMAIL PROTECTED]>] -- Devin \ aqua(at)devin.com, 1024D/E9ABFCD2; http://www.devin.com Carraway \ IRC: Requiem GCS/CC/L s-:--- !a !tv C++++$ ULB+++$ O+@ P L+++
pgp00000.pgp
Description: PGP signature
