[Mimedefang] The campaign to save filter_helo
Dirk the Daring
dirk at psicorps.org
Thu Nov 9 11:15:35 EST 2006
On Thu, 9 Nov 2006, "David F. Skoll" <dfs at roaringpenguin.com> wrote:
> Dirk the Daring wrote:
>
>> I use filter_helo and am quite happy with it. I successfully reject
>> obviously fraudulent HELOs at filter_helo.
>
> At least, you *think* you do.
>
> If you test it, you'll discover they're only rejected at MAIL FROM: time.
No, I'm fairly sure about this.
When I re-wrote my filter to take advantage of filter_helo, I also
inserted quite a few logging statements. Mainly to insure that my filter
did what I wanted it to do.
My examination of my logs quite clearly shows that when filter_helo
ended with a return('REJECT'), the connection progressed no further. I
have plenty of examples of this.
Also, after some analysis, I found I was able to reject some 50% of
foreign (not on my network) SMTP connections by the end of filter_helo.
Between sendmail's GREETPAUSE, RATECONTROL and CONNCONTROL; and using
filter_helo to detect obviously fraudulent HELOs, I dropped half the
spammers that much sooner.
> I've already removed filter_helo from the svn version of MIMEDefang;
I appreciate all the work you do, and I've always been very happy with
MIMEDefang. I'm constantly referring people looking for a better anti-SPAM
solution to the RP website.
I really wish you'd reconsider removal of filter_helo. My personal
anti-SPAM philosophy is "Reject early, reject often" and filter_helo helps
me do that.
> you can just move your test unchanged into filter_sender.
That can be done and will work, but it allows spammers to waste that
much more of my mail relay's CPU and my network's bandwidth. If I know
they're fraudulent at HELO, why let them lie to me again at MAIL FROM ?
More information about the MIMEDefang
mailing list