[Mimedefang] New spammer trick?
Matt Cramer
mscramer at armstrong.com
Wed Nov 26 08:14:27 EST 2003
On Tue, 25 Nov 2003, Mark wrote:
> > In addition to blocking any server that answers with a HELO argument of
> > one of our domains, or one of our addresses, we also require that the HELO
> > argument be either a FQDN or an address (basically we look for a ".").
> > This has cut down on a huge amount of spam.
>
> I think there are too many PC clients out there who just send the computer
> name as HELO. And that computer name is seldom a FQDN (at least not with
> home users). Too many a time I get something like "HELO familyroom" from
> them. :) You really want to exempt your own clients from these checks.
I do no filtering on my outgoing mail so this isn't a problem. For every
one legitimate company trying to send us mail and issueing "mail1" or
something as their HELO argument, I am blocking tens of thousands of spams
from ratware that sends "HELO ksdfhj" or some other random string.
Matt
--
Matthew S. Cramer <mscramer at armstrong.com> Office: 717-396-5032
Infrastructure Security Analyst Fax: 717-396-5590
Armstrong World Industries, Inc. Cell: 717-917-7099
More information about the MIMEDefang
mailing list