Blocking on HELO (was Re: [Mimedefang] filter_relay)
David F. Skoll
dfs at roaringpenguin.com
Mon Nov 1 10:24:54 EST 2004
On Mon, 1 Nov 2004, Aleksandar Milivojevic wrote:
> BTW, back to the original question of using HELO argument for filtering.
> One thing to note is that using HELO for any kind of checks is highly
> discouraged.
That's true. But a very narrow block can block a lot of spam. My mail
server (mail.roaringpenguin.com) has IP address 206.191.13.82.
Take a look at this:
$ fgrep 'HELO 206.191.13.82' /var/log/maillog | wc -l
49
The maillog covers about 36 hours. That means that more than once an hour,
some random host claims to be *my* IP address (206.191.13.82) in its HELO.
I block all of those and haven't had a complaint yet.
(If you were pedantic, you'd block a host that uses any kind of naked
IP address in HELO, because it really should use [ip.addr.of.host]
with the square brackets.)
Regards,
David.
More information about the MIMEDefang
mailing list