[Mimedefang] Bouncing on invalid HELO/EHLO
Michael Sims
michaels at crye-leike.com
Thu Jun 12 11:23:00 EDT 2003
Quoting "G. Roderick Singleton" <gerry at pathtech.org>:
> On Thu, 2003-06-12 at 10:09, Jim McCullars wrote:
> > How many people actually bounce mail based on this rule?
> >
[...]
> My take on attempting to implement these types of tests was that it was
> much work for little gain when one employs the latest sendmail with
> mimedefang and ancillary programs such as spamassassin.

I have to respectfully disagree. I have added, among other things, a check to
make sure that the EHLO/HELO argument is a fully qualified domain name. If it
isn't, I increase the spam score of the message in question by 3 points. This
may seem drastic, but I tested this rule for a week and out of the 2000-3000
messages it caught, only about 3 of them were legitimate. Other sites may have
different results; a safer adjustment is probably 1.5 - 2, but 3 works well for me.
In the past 48 hours this rule has flagged 668 messages. This number used to be
much higher before I started using sbl.spamhaus.org and list.dsbl.org to reject
connections at the Sendmail level.

I also flat out reject anyone who provides a raw IP address as an EHLO/HELO
argument rather than an address literal. In the past 48 hours I have rejected
159 connections on this basis.

As many other people do, I also reject any relay that claims to be in my domain
when it clearly is not. That has caught 424 connections in the past 48 hours.

The code I use to alter the SA score can be found in the following message
(although anyone who uses it will need to alter the score, as 4 is a bit high):
http://lists.roaringpenguin.com/pipermail/mimedefang/2003-May/005792.html

___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648 Pager: (901)769-3722
___________________________________________
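
The three HELO/EHLO checks described in the message above, as a stand-alone Perl sketch added here for illustration; it is not the poster's code nor the code in the linked message, and it is not wired into a mimedefang-filter. The domain example.com, the 192.0.2. local network prefix, the function name classify_helo and the sample connections are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed site settings (constructed, not from the post).
my $LOCAL_DOMAIN = 'example.com';
my @LOCAL_NETS   = ('192.0.2.');   # relays allowed to use our name (prefix match)
my $NON_FQDN_PTS = 3;              # the post suggests 1.5 - 2 as a safer value

# Returns (verdict, detail): verdict is OK, SCORE or REJECT.
sub classify_helo {
    my ($helo, $relay_ip) = @_;
    $helo = '' unless defined $helo;
    $helo =~ s/\.$//;              # ignore a trailing root dot

    # Bracketed address literal, e.g. [192.0.2.10], is valid SMTP syntax.
    return ('OK', 'address literal')
        if $helo =~ /^\[(?:IPv6:)?[0-9A-Fa-f:.]+\]$/i;

    # Bare dotted quad without brackets: rejected outright.
    return ('REJECT', 'raw IP address as HELO argument')
        if $helo =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;

    # Claims our domain but connects from outside our networks.
    if ($helo =~ /(?:^|\.)\Q$LOCAL_DOMAIN\E$/i
        && !grep { index($relay_ip, $_) == 0 } @LOCAL_NETS) {
        return ('REJECT', "HELO claims $LOCAL_DOMAIN from $relay_ip");
    }

    # Not a fully qualified domain name: raise the spam score instead.
    return ('SCORE', $NON_FQDN_PTS)
        unless $helo =~ /^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$/i;

    return ('OK', 'fully qualified');
}

# Constructed sample connections: [HELO argument, relay IP].
for my $c (['mail.example.net', '198.51.100.7'], ['[198.51.100.7]', '198.51.100.7'],
           ['198.51.100.7', '198.51.100.7'],     ['mx1.example.com', '203.0.113.9'],
           ['mx1.example.com', '192.0.2.25'],    ['WORKSTATION', '203.0.113.50']) {
    my ($verdict, $detail) = classify_helo(@$c);
    printf "%-18s %-14s => %s (%s)\n", @$c, $verdict, $detail;
}
```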