[Mimedefang] HELO + PTR countr-code TLD matching
Mark
admin at asarian-host.net
Wed Feb 4 10:13:10 EST 2004
Hello folks,
This may not be, in the strictest sense, a MIMEDefang matter per se; but
this afternoon I thought up a nice HELO test, that I think may be of use to
others here too.
When I have a valid HELO name and a valid PTR, I check to see whether both
end in a valid country-code TLD; and, if so, whether they match. If not, I
reject the message. Like so:
EHLO arti.vub.ac.be
--- 250-asarian-host.net Hello 217-162-19-122.dclient.hispeed.ch
[217.162.19.122], pleased to meet you
550 5.7.1 <mmaloneaj at onlinehome.de>... Go away, spammer! [217.162.19.122]:
"Belgium" [.be HELO] <=> "Switzerland" [.ch PTR]
I only have this running for two hours (within a Milter), but it has already
rejected several hundreds of messages! And no false positives yet.
I am actually rather pleased with the result. :) It seems quite an effective
early-out mechanism to weed out spam at the SMTP stage. And it feels pretty
benign too; it requires no PTR; but if one is present, with a country-code
TLD not matching a present HELO country-code, then, and only then, I cry
spam.
I'd be curious what other people think.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
More information about the MIMEDefang
mailing list