[Mimedefang] Requiring FQDN in HELO

Joseph Brennan brennan at columbia.edu
Thu Dec 29 12:20:56 EST 2005


 Dirk the Daring <dirk at psicorps.org> wrote:

>    I've noticed a lot of SPAM does not have an FQDN in the HELO. It'll
> have just "localhost" or even omit a hostname entirely. Obviously, if
> the HELO is an IP address in square brackets, that's fine.
>
>    Is there any danger of rejecting "legitimate" E-Mail if I write my
> mimedefang-filter to:
>
> 	1) Absent an IP address in square brackets, require
> 		an alphanumeric string in the HELO
>
> 	2) Reject a HELO where the alphanumeric string is not
> 		a FQDN (using a regex looking for at least
> 		one "." in the HELO string)


We reject these cases:

	HELO with our mx address "columbia.edu" (except allow
	this for smtp auth'd mail, since some clients do this)

	HELO with the real name of our mail server

	HELO with the IP address of our mail server

	HELO localhost

All of the above are just deliberately deceptive, and experience
of more than a year tells me that none of these errors appear in
legitimate mail.

Many other bad HELO strings are spam indicators, but all of them
also appear in legit mail, so we prefer to score for them rather
than reject.  A string with no dots is the easiest to test, and
you might want to add points for all caps, 3 or fewer characters,
and the string 'friend'.


Joseph Brennan           Columbia University Information Technology

This message is intended only for people who will read it.  If you
did not read it, then either read it now or delete it and pretend
that you never got it.  If another disclaimer is appended to this
one, a flipped coin showing 'heads' will cause this paragraph to
supersede the other except in jurisdictions where prohibited.
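
The reject-versus-score policy from the reply above, as an added example that is not part of the original message and is not MIMEDefang code. Only "columbia.edu" comes from the post; the server name, the IP address, the point weights, and the exact-match reading of 'friend' are assumptions.

```python
import ipaddress

# Local identity. "columbia.edu" is from the post; the server name and IP
# are placeholders (constructed), as are the point weights below.
OUR_MX_DOMAIN = "columbia.edu"
OUR_SERVER_NAME = "mailhost.example.edu"
OUR_SERVER_IP = ipaddress.ip_address("192.0.2.25")
WEIGHTS = {"no-dot": 2, "all-caps": 1, "short": 1, "friend": 2}


def _as_ip(text):
    """Parse text as an IPv4/IPv6 address, or return None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def check_helo(helo, authenticated=False):
    """Return (reject, points, reasons) for one HELO/EHLO argument."""
    h = helo.strip()
    low = h.lower().rstrip(".")
    literal = None
    if h.startswith("[") and h.endswith("]"):
        inner = h[1:-1]
        if inner.lower().startswith("ipv6:"):
            inner = inner[5:]
        literal = _as_ip(inner)

    # Hard rejects: the client claims to be us, or claims to be localhost.
    if low == "localhost":
        return True, 0, ["localhost"]
    if low == OUR_SERVER_NAME:
        return True, 0, ["our-server-name"]
    if (literal or _as_ip(low)) == OUR_SERVER_IP:  # bare or bracketed form
        return True, 0, ["our-server-ip"]
    if low == OUR_MX_DOMAIN and not authenticated:  # SMTP AUTH clients exempt
        return True, 0, ["our-mx-domain"]

    # A bracketed address literal that is not ours is acceptable as-is.
    if literal is not None:
        return False, 0, []

    # Soft indicators also occur in legitimate mail: add points, never reject.
    checks = [("no-dot", "." not in low), ("all-caps", h.isupper()),
              ("short", len(h) <= 3), ("friend", low == "friend")]
    hits = [name for name, matched in checks if matched]
    return False, sum(WEIGHTS[name] for name in hits), hits
```

The returned points are meant to be added to whatever spam score the filter already keeps, so a dotless or all-caps HELO alone never blocks a message.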
