[Mimedefang] OT: New Sendmail spam block
Mark
admin at asarian-host.net
Fri Mar 25 20:40:59 EST 2005
> -----Original Message-----
> From: mimedefang-bounces at lists.roaringpenguin.com
> [mailto:mimedefang-bounces at lists.roaringpenguin.com] On
> Behalf Of John Buysse
> Sent: vrijdag 25 maart 2005 20:53
> To: mimedefang at lists.roaringpenguin.com
> Subject: Re: [Mimedefang] OT: New Sendmail spam block
>
>
> I am with one of the universities Ben is dealing with. I was quoting
> RFC 2821, not RFC 821. We are not rejecting messages with an invalid
> HELO command based on RFC 1123, as we are not verifying the the info
> provided. We are rejecting messages with an invalid HELO
> command based RFC 2821.
Then I would say you are doing a good thing. I do the same. :)
> If a remote server uses one of our IP's in the HELO
> command, our servers will reject the message.
I also reject on every HELO name which is in class=w (sendmail), but
connects with the wrong IP (including, but not limited, to addresses which
resolve to 'localhost', but are not from 127.*). Very effective, too. A
lot of spammers seem to think that you will somehow give them a
passepartout if only they use your hostname for HELO. ;) That logic has
always escaped me; for even if I were not monitoring HELO names,
connecting with such faked, local HELO names means absolutely nothing to
sendmail, in terms of giving out extra credit. All a spammer really does
that way, is unequivocally announce and confirm his own status as a
bonafide spammer.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
More information about the MIMEDefang
mailing list