[Mimedefang] The campaign to save filter_helo

[Dirk the Daring]

On Thu, 9 Nov 2006, "David F. Skoll" <dfs at roaringpenguin.com> wrote:

> Dirk the Daring wrote:
>
>>    I use filter_helo and am quite happy with it. I successfully reject
>> obviously fraudulent HELOs at filter_helo.
>
> At least, you *think* you do.
>
> If you test it, you'll discover they're only rejected at MAIL FROM: time.

    No, I'm fairly sure about this.

    When I re-wrote my filter to take advantage of filter_helo, I also 
inserted quite a few logging statements. Mainly to insure that my filter 
did what I wanted it to do.

    My examination of my logs quite clearly shows that when filter_helo 
ended with a return('REJECT'), the connection progressed no further. I 
have plenty of examples of this.

    Also, after some analysis, I found I was able to reject some 50% of 
foreign (not on my network) SMTP connections by the end of filter_helo. 
Between sendmail's GREETPAUSE, RATECONTROL and CONNCONTROL; and using 
filter_helo to detect obviously fraudulent HELOs, I dropped half the 
spammers that much sooner.

> I've already removed filter_helo from the svn version of MIMEDefang;

    I appreciate all the work you do, and I've always been very happy with 
MIMEDefang. I'm constantly referring people looking for a better anti-SPAM 
solution to the RP website.

    I really wish you'd reconsider removal of filter_helo. My personal 
anti-SPAM philosophy is "Reject early, reject often" and filter_helo helps 
me do that.

> you can just move your test unchanged into filter_sender.

    That can be done and will work, but it allows spammers to waste that 
much more of my mail relay's CPU and my network's bandwidth. If I know 
they're fraudulent at HELO, why let them lie to me again at MAIL FROM ?