[Mimedefang] New spammer trick?
Mark
admin at asarian-host.net
Tue Nov 25 15:51:51 EST 2003
----- Original Message -----
From: "Matt Cramer" <mscramer at armstrong.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Tuesday, November 25, 2003 8:52 PM
Subject: Re: [Mimedefang] New spammer trick?
> On Tue, 25 Nov 2003, Joseph Brennan wrote:
>
> > > I have not had any false positives yet. And why would I, even? There
> > > is never ever a legitimate reason to pretend to be my server. So,
> > > anyone who does, is banished for all eternity.
> >
> > Some PC clients say HELO followed by domain name. I don't know
> > where this standards-non-compliant convention originated but it's
> > been around for a while. It's probably to avoid having the PC
> > look up its own hostname on dynamic lines. Hosts that do smtp
> > service for PCs need to allow this, unless your only supported
> > clients don't do it.
>
> In addition to blocking any server that answers with a HELO argument of
> one of our domains, or one of our addresses, we also require that the HELO
> argument be either a FQDN or an address (basically we look for a ".").
> This has cut down on a huge amount of spam.
I think there are too many PC clients out there who just send the computer
name as HELO. And that computer name is seldom a FQDN (at least not with
home users). Too many a time I get something like "HELO familyroom" from
them. :) You really want to exempt your own clients from these checks.
- Mark
More information about the MIMEDefang
mailing list