[Mimedefang] $RelayHostname not matching sendmail's Received header?

Jan-Pieter Cornet johnpc at xs4all.nl
Thu Dec 7 08:10:36 EST 2006


On Thu, Dec 07, 2006 at 03:16:53AM -0800, John Rudd wrote:
> >If either the HELO or
> >the envelope sender domain points back at the sending IP, it is
> >also allowed. Unless, of course, either of those are generic rDNS
> >or [] bracketed IP constructs.
> 
> If you can make the second part work (sender's domain points back to the 
> sending IP), I'd be happy to incorporate it as an option to the main 

Cool. I'll send you a patch if I get it working.

> code base.  I'm not sure I'd care about what the HELO string says, 
> though.  If it's a botnet sender, it could fake the HELO string.  But if 
> the sender's domain really does resolve back to that host, that's a very 
> good indication that we've got a real mail server sitting on a bad IP addr.

Of course it could fake the HELO. The idea is that it doesn't help
to send the reverse DNS name again, but it might send some other
domain that can be linked to the sending IP. If it's part of a
botnet, it is unlikely to have another forward DNS entry pointing to
it. And if it has, there's more proof that the owner of the domain
is facilitating spammers.

Current practice seems to show that the HELO is usually a lone hostname,
so that's not going to help. To get around this, the spammer will have
to update his DNS zone and include all botnet IPs somewhere. We'll deal
with that when it gets that far :)

I'll include it, configurable, OK? :)

> (where's the spamtools mailing list?)

http://www.abuse.net/spamtools.html

traffic is varying, usually low to extremely low, sometimes no messages
in months, sometimes several dozen messages a day if a particularly
controversial subject has been hit.

Hm, there's an online archive, but now I cannot find the message
where this idea of checking HELO and envelope sender originated.
I believe RfG mentioned it... but it'd take too much time right now
to search all of his posts in my current archive.

-- 
Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!
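The check discussed in this exchange (accept the relay if either the HELO name or the envelope sender's domain forward-resolves to the connecting IP, but never for a bracketed address literal or a generic reverse-DNS style name), as an added example that is not code from the thread or from MIMEDefang. It is Python rather than a mimedefang-filter Perl snippet, and the forward-DNS table and the generic-rDNS patterns are constructed assumptions standing in for a real resolver and a site's own heuristics.

```python
import ipaddress
import re

# Constructed forward-DNS table (assumption: stands in for real A-record
# lookups so the example runs offline; addresses are documentation ranges).
FAKE_DNS = {
    "mail.example.org": ["192.0.2.10"],
    "example.org": ["192.0.2.10"],
    "badnode.example.net": ["198.51.100.7"],
    "198-51-100-7.dyn.example.net": ["198.51.100.7"],
}

def fake_resolve(name):
    """Return the A records for name from the constructed table."""
    return FAKE_DNS.get(name.lower().rstrip("."), [])

# Assumed markers of generic, auto-generated reverse DNS: an embedded dotted
# or dashed IP address, or the usual dynamic-pool labels.
GENERIC_RDNS = re.compile(
    r"(\d{1,3}[-.]){3}\d{1,3}|\b(dyn|dynamic|dhcp|pool|cust|customer)\b", re.I)

def is_address_literal(name):
    """True for a '[192.0.2.10]' literal or a bare IP address."""
    name = name.strip()
    if name.startswith("[") and name.endswith("]"):
        return True
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def name_points_at(name, ip, resolve):
    """True when a non-literal, non-generic hostname forward-resolves to ip."""
    if not name or is_address_literal(name) or GENERIC_RDNS.search(name):
        return False
    return ip in resolve(name)

def sender_domain(envelope_sender):
    """Domain part of '<user@example.org>'; empty for the null sender '<>'."""
    addr = envelope_sender.strip().strip("<>")
    return addr.rpartition("@")[2] if "@" in addr else ""

def relay_vouched_for(ip, helo, envelope_sender, resolve=fake_resolve):
    """Accept the relay if HELO or the sender domain points back at ip."""
    return (name_points_at(helo, ip, resolve)
            or name_points_at(sender_domain(envelope_sender), ip, resolve))
```

A real deployment would call the resolver through MIMEDefang's Perl filter with the connecting IP, HELO and sender it already has; the decision logic is the same.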