[Mimedefang] Rejecting forged senders - comments?
john at rudd.cc
Wed Sep 20 04:44:22 EDT 2006
Johan Sleeuwenhoek wrote:
> I'm configuring a similar setup and was wondering whether it is
> possible to put it in filter_helo?
> 2006/9/19, Cormack, Ken <ken.cormack at roadway.com>:
>> I'd like to see if anyone has any comments on an idea to block spam from
>> forged senders who claim my domain in the sender address. I'm assuming
>> something like this could (or should?) be done for both the SMTP "MAIL
>> FROM:" and the "From:" in the header.

If you put it in filter_sender, you can still check against the
HELO/EHLO string, but you can also exempt anyone who has done
SMTP-AUTH. So, it's really better to put it in filter_sender.

1) to reject based on the content of the HELO string is an RFC violation

2) In my experience, 90% of the things you would reject are going to be
caught by doing other checks, such as:

   a) IP address doesn't have a PTR record
   b) the hostname in the PTR record doesn't resolve back to the IP address
   c) the hostname in the PTR record goes to a CNAME and not an A record
   d) the hostname in the PTR record looks "dynamic" (has words like
      dsl, cable, dial-up, dialup, dhcp, or dynamic in the hostname, or has 2
      or more octets of the IP address in its hostname)

IMO: you're better off checking for those 4 things than looking at the
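
The relay checks (a) to (d) and the SMTP-AUTH exemption from the message above, as an added Python sketch that is not part of the original post and is not MIMEDefang filter code. The function names, the shape of the `forward` lookup table and the sample hostnames are assumptions; DNS lookups are left to the caller and only IPv4 addresses are handled.

```python
import re
from collections import Counter

# Words listed under check (d) in the message; matched as loose substrings.
DYNAMIC_WORDS = ("dsl", "cable", "dial-up", "dialup", "dhcp", "dynamic")


def looks_dynamic(hostname, ip):
    """Check (d): a dynamic-pool word, or 2+ octets of the IPv4 address, in the name."""
    name = hostname.lower()
    if any(word in name for word in DYNAMIC_WORDS):
        return True
    octets = Counter(int(o) for o in ip.split("."))
    numbers = Counter(int(n) for n in re.findall(r"\d+", name))
    # Multiset intersection: each octet is matched at most as often as it occurs.
    return sum((octets & numbers).values()) >= 2


def relay_findings(ip, ptr_names, forward, authenticated=False):
    """Return the letters of the checks (a)-(d) that the connecting relay fails.

    ptr_names: hostnames returned by the PTR lookup for `ip`.
    forward:   hostname -> {"cname": bool, "a": [addresses]}, forward lookups
               already done by the caller (hypothetical shape).
    """
    if authenticated:  # senders who did SMTP-AUTH are exempt
        return []
    if not ptr_names:
        return ["a"]  # no PTR record, so nothing further to test
    findings = []
    answers = {n: forward.get(n, {"cname": False, "a": []}) for n in ptr_names}
    confirmed = [n for n, ans in answers.items() if ip in ans["a"]]
    if not confirmed:
        findings.append("b")  # no PTR name resolves back to the address
    names = confirmed or ptr_names
    if any(answers[n]["cname"] for n in names):
        findings.append("c")  # PTR name is an alias, not a direct A record
    if any(looks_dynamic(n, ip) for n in names):
        findings.append("d")
    return findings


# Constructed sample data (documentation address ranges, not real lookups).
FORWARD = {
    "mail.example.org": {"cname": False, "a": ["192.0.2.25"]},
    "45-113-0-203.pool.example.net": {"cname": False, "a": ["203.0.113.45"]},
    "smtp.example.com": {"cname": True, "a": ["198.51.100.7"]},
    "mx.example.net": {"cname": False, "a": ["198.51.100.99"]},
}
```

An empty list means the relay passed all four checks; whether any single finding justifies a rejection is a local policy decision.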