John Peacock wrote:
Bob Dodds wrote:
http://perlq.org/ yellow band shows that require_resolvable_fromhost
is a productive filter.
Except that is a different test (based on the same section of the RFC, however).
I've seen badly configured servers (*cough*Notes and Exchange*cough*) which
used the local machine name instead of a resolvable name; they were legit but
misconfigured. My latest version (which I may commit in a day or two) allows
you to run it in log_only mode, just to see how bad the situation is in the wild
today.
The most common HELO abuses I see are my IP address, 'localhost'[1] and
one of the server's domains, plus some claiming to be 'yahoo.com' and
'aol.com'.
We (SME Server) always put the server's IP and the last two in the
badhelo config.
Thanks,
Gordon
[1] Often used by manual tests, and things like webmail.
