[Mimedefang] validating 'possibly forged' helo IP's?

Kevin A. McGrail kmcgrail at pccc.com
Thu Jan 12 12:27:59 EST 2006


> Of course what is missing in the log entry above is the
> claimed HELO name.  Given that I could try and resolve that to an IP and
> then compare that IP to relay IP, which would be a more reliable check.

I think you'll find that relay IPs <=> reverse PTRs <=> HELO names hardly ever
match in real life.

> Perhaps a better heuristic for me to try is to take the sender's domain,
> convert that to an IP address, and then check to see if the relay address
> is an MX for the sender, or in the same /24 as the sender, or has a 'pass'
> in the SPF records.  Keep in mind that the only bad thing that happens if
> the heuristic fails is that the message is not tempfailed.

This is a good point that you aren't bouncing the email for this, just
tempfailing for greylisting purposes.  I wonder for how much longer
greylisting will be effective though.  I figure ratware will eventually have
to figure it out, no?

Regards,
KAM
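The heuristic quoted above (relay is an MX for the sender's domain, or in the same /24 as it, or gets an SPF pass; otherwise tempfail for greylisting), worked through as an added example that is not part of the original thread. It stands a constructed DNS snapshot in for live lookups and uses a deliberately minimal SPF evaluator (mx, a, ip4 and all mechanisms only; no include or redirect), so a real milter would call a proper resolver and SPF library instead.

```python
import ipaddress

# Constructed DNS snapshot standing in for live lookups (example data, not real records).
DNS = {
    ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["198.51.100.25"],
    ("example.org", "A"): ["198.51.100.10"],
    ("example.org", "TXT"): ["v=spf1 mx a ip4:203.0.113.0/24 -all"],
}

def lookup(name, rtype):
    return DNS.get((name.lower(), rtype), [])

def mx_addresses(domain):
    """Every A record of every MX host of the domain."""
    return {ip for host in lookup(domain, "MX") for ip in lookup(host, "A")}

def spf_allows(domain, relay_ip):
    """Minimal SPF check: mx, a, ip4 and all only (assumption: no include/redirect/exists)."""
    ip = ipaddress.ip_address(relay_ip)
    for rec in lookup(domain, "TXT"):
        if not rec.startswith("v=spf1"):
            continue
        for term in rec.split()[1:]:
            qual, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
            if mech == "mx":
                hit = relay_ip in mx_addresses(domain)
            elif mech == "a":
                hit = relay_ip in lookup(domain, "A")
            elif mech.startswith("ip4:"):
                hit = ip in ipaddress.ip_network(mech[4:], strict=False)
            elif mech == "all":
                hit = True
            else:
                continue  # unsupported mechanism: skip it rather than guess
            if hit:
                return qual == "+"  # first matching mechanism decides
    return False

def relay_plausible(sender_domain, relay_ip):
    """Name the check that vouches for the relay; None means greylist (tempfail)."""
    if relay_ip in mx_addresses(sender_domain):
        return "mx"
    net = ipaddress.ip_network(f"{relay_ip}/24", strict=False)
    if any(ipaddress.ip_address(a) in net for a in lookup(sender_domain, "A")):
        return "same /24"
    if spf_allows(sender_domain, relay_ip):
        return "spf pass"
    return None
```

A relay that none of the three checks vouches for is the only one that gets tempfailed, which is the point made above: a miss costs a retry, not a bounce.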
