[Mimedefang] Suggestions on rejecting relays that provide syntactically-invalid arguments to HELO/EHLO

[Jeffrey Goldberg]

On Thu, 22 May 2003, Michael Sims wrote:

> So now I'm thinking about rejecting these inside filter_relay() and saving
> myself a lot of resources on the front end.

Additionally, you could reject them within sendmail using variants of the
rule-sets in the discussion you mentioned.

I always try to "delay checks" so that I can get mail to postmaster from
blocked or misconfigured sites.

> I'm also trying to decide what error I want to give people.  I should
> probably give an error such as "Invalid argument passed to HELO" or even
> "HELO requires fully qualified domain name or address literal", but I
> hesitate to tell the spammers how to fix their spamware to bypass this.
> I'm sorely tempted to just respond with a generic "Access denied"

There are good arguments either way.  I suspect that it is a philosophical
difference.  Considering that the bounces that will be generated will
probably not go to the spammer, and the fact that legit sites could easy
be misconfigured, I would go with the former.

-j

-- 
Jeffrey Goldberg                            http://www.goldmark.org/jeff/
 Relativism is the triumph of authority over truth, convention over justice
 Hate spam?  Boycott MCI! http://www.goldmark.org/jeff/anti-spam/mci/