[Mimedefang] $helo versus $ip
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Tue Feb 3 10:05:20 EST 2004
On Tue, 3 Feb 2004, Matt Cramer wrote:
> This will yield many false positives. Here is what I do:
>
> * Reject mail from outside relays who HELO as one of my domains.
> * Reject mail from outside relays who HELO as one of my networks, with or
> without brackets (e.g. "204.74.20.1" and "[204.74.20.1]")
> * Reject mail from outside relays who HELO as a string that isn't a domain
> or an address. I just check for a "." in the string. An amazing
> amount of ratware issues "HELO hjdjhdf" etc. I've had a few false
> positives where the server was just doing "HELO servername" and in all
> cases the admin of the sending server has corrected it.
This sounds cool. Despite the always mentioned problem, when Mail clients
connect to the server directly - like in my case.
Is there a way to determine, if the message came in through sendmail's MTA
(Port 25) or MSA (Port 587) channel?
Bye,
--
Steffen Kaiser
More information about the MIMEDefang
mailing list