[Mimedefang] Re: New X-AntiAbuse way for spammer (Pierre Forget)
Dirk the Daring
dirk at psicorps.org
Sun May 18 15:09:50 EDT 2008
On Sat, 17 May 2008, Pierre Forget <pierre at pierreforget.com> wrote:
> got them. But they still go through. Any idea how to get rid of this?
> Here is an example header:
>
> Return-Path: <rmaryland at newadvent.org>
> Received: from oemc8b286a37b8 ([190.128.82.83])
> by mail.hebergement-quebec.net (8.13.7/8.12.11) with SMTP id
You should have dropped this moron at HELO. Waste of good bandwidth,
disk, CPU and RAM to actually queue that garbage and run it thru SA.
What tipped this idiot's hand? The HELO isn't even vaguely an FQDN,
so there was never any reason to let the retard get to MAIL FROM:, let
alone send RCPT TO: or even issue DATA.
Invoke MIMEdefang with -H for HELO filtering and include a filter_helo
function. Reject (as in "terminate with prejudice") any connection that
gives a HELO that isn't an FQDN, or is an FQDN from a foreign host that
claims to be in your Domain(s), or is an IP literal not enclosed in square
brackets, or is an IP literal that doesn't match the actual IP of the
sending host (which will also catch foreign hosts sending an IP literal of
one of your hosts, as well as IP literals like loopback and
private/non-routable addresses). Hopefully you have split your border MTAs
from your MSAs for legitimate users and you can also reject M$
LookOut!-esque garbage like "localhost.localdomain".
The MD Wiki has some example code for such filtering.
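
The checks listed in the message above, written out as a filter_helo for mimedefang-filter. This is an added example, not code from the post or from the MD Wiki; the domain and host values are hypothetical placeholders, and only IPv4 literals are handled.

```perl
use strict;
use warnings;

# Assumed site settings (hypothetical; replace with your own).
my @OUR_DOMAINS = ('example.org');                 # domains this site owns
my %OUR_HOSTS   = map { $_ => 1 } ('192.0.2.10');  # IPs of our own mail hosts

my $QUAD  = qr/\d{1,3}(?:\.\d{1,3}){3}/;           # IPv4 dotted quad
my $LABEL = qr/[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/;   # one DNS label

# Return a reason string if the HELO argument is unacceptable, else undef.
sub helo_problem {
    my ($ip, $helo) = @_;
    $helo = lc($helo // '');
    $helo =~ s/\.$//;                              # tolerate a trailing root dot

    # IP literal not enclosed in square brackets.
    return 'IP literal without square brackets' if $helo =~ /^$QUAD$/;

    # Bracketed literal must be the real peer address; this also rejects
    # loopback, private and "one of our hosts" literals sent by a stranger.
    if ($helo =~ /^\[($QUAD)\]$/) {
        return 'IP literal does not match sending host' if $1 ne $ip;
        return;
    }

    # Only safe on a border MTA that is split from the MSA.
    return 'localhost-style name' if $helo =~ /^localhost(?:\.|$)/;

    # At least two labels, the last starting with a letter (a plausible TLD).
    return 'not an FQDN'
        unless $helo =~ /^(?:$LABEL\.)+[a-z][a-z0-9-]*[a-z0-9]$/;

    # Foreign host claiming a name inside one of our domains.
    unless ($OUR_HOSTS{$ip}) {
        for my $d (@OUR_DOMAINS) {
            return "foreign host claims a name in $d"
                if $helo eq $d || $helo =~ /\.\Q$d\E$/;
        }
    }
    return;
}

# MIMEDefang calls this at HELO/EHLO when mimedefang runs with -H.
sub filter_helo {
    my ($ip, $name, $helo) = @_;
    my $why = helo_problem($ip, $helo);
    return ('REJECT', "Bad HELO: $why") if defined $why;
    return ('CONTINUE', 'ok');
}

1;
```

Keeping the decision in helo_problem lets it be exercised against logged HELO strings and peer addresses before the filter is enabled on a live MTA.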