On 12/7/06, Kelly Jones <[EMAIL PROTECTED]> wrote:
Spamassassin has lots of tests for fake HELOs. If someone says "HELO
hotmail.com", but aren't connecting from a Hotmail IP address, they
get dinged (spam score is increased).
Recently, someone connected our server, call it mx.xyz.com, and said
"HELO mx.xyz.com". Spamassassin didn't ding it for doing this.
Is there a ruleset that does this? I realize xyz.com couldn't be
hardcoded (otherwise, it'd be a different ruleset for everyone), but
is there a generic ruleset that uses a function call or something to
figure out your MX server (or the name of the machine spamassassin is
running on) and then ding someone HELO'ing as that?
Do it at the MTA level, in exim
acl_check_helo:
deny condition = ${if or{ { eq{$sender_helo_name}{$interface_address}} \
{ eq{$sender_helo_name}{$primary_hostname}} \
} {yes}{no}}
message = REJECTED: Fake HELO/EHLO: $sender_helo_name - That's our addre
ss!
accept
--
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.
--
"A Scientist will earn a living by taking a really difficult problem
and spends many years solving it, an engineer earns a living by
finding really difficult problems and side stepping them"
