Blocking on HELO (was Re: [Mimedefang] filter_relay)

David F. Skoll dfs at
Mon Nov 1 10:24:54 EST 2004

On Mon, 1 Nov 2004, Aleksandar Milivojevic wrote:

> BTW, back to the original question of using HELO argument for filtering.
>   One thing to note is that using HELO for any kind of checks is highly
> discouraged.

That's true.  But a very narrow block can block a lot of spam.  My mail
server ( has IP address

Take a look at this:

$ fgrep 'HELO' /var/log/maillog | wc -l

The maillog covers about 36 hours.  That means that more than once an hour,
some random host claims to be *my* IP address ( in its HELO.
I block all of those and haven't had a complaint yet.

(If you were pedantic, you'd block a host that uses any kind of naked
IP address in HELO, because it really should use []
with the square brackets.)



More information about the MIMEDefang mailing list