[Mimedefang] Impersonated domains

kd6lvw at yahoo.com kd6lvw at yahoo.com
Fri Jun 1 22:46:37 EDT 2012


--- On Fri, 6/1/12, Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
> I've noticed that the impersonations inevitably come from
> DHCP address pools according to ZenBL.

Then your reason is not based on the HELO hostname they present but the fact that they are dynamic assignments.  I suggest that your default for dynamic assignments should be to deny them.  Leave the HELO name alone.

I use a set of sendmail rules to check for dynamic assignment type hostnames -- but permit an access database check BEFORE the dynamic check so I may define exceptions.  I check for certain strings in the dynamic name as well as an IPv4 address (forward or reversed; separated by dots or dashes).  However, watch out for certain side-effects -- examples:

"dsl" sometimes appears in non-dynamic hostnames like "dslextreme.com."

"pool" is sometimes used in dynamic names, but more often refers to swimming-pool related domains and similar other uses.
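The check order described in the message above, sketched in Perl as an added example (not the poster's sendmail rules or any project code). The exception table, the keyword list, the "pool must be followed by a digit" rule and all sample relays are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed exception table, standing in for the access database
# lookup that runs BEFORE the dynamic-name check.
my %ALLOW = map { $_ => 1 } ('mail.dsl-customer.example');

# Assumed keyword list. A keyword counts only as a whole token bounded by
# '.', '-', a digit or the end of the name, so "dslextreme" is not "dsl".
my $STRONG = join '|', qw(dsl dhcp dynamic dyn dialup ppp);

# True if the hostname contains the relay's IPv4 octets, forward or
# reversed, separated by dots or dashes (zero-padded octets allowed).
sub embeds_ip {
    my ($host, $ip) = @_;
    my @o = split /\./, $ip;
    return 0 unless @o == 4 && !grep { !/^\d{1,3}$/ } @o;
    for my $order ([@o], [reverse @o]) {
        my $re = join '[.\-]', map { "0*$_" } @$order;
        return 1 if $host =~ /(?<!\d)$re(?!\d)/;
    }
    return 0;
}

sub classify_relay {
    my ($ip, $host) = @_;
    $host = lc $host;
    $host =~ s/\.$//;                          # drop a trailing root dot
    return 'exception'   if $ALLOW{$host};     # exceptions win first
    return 'embedded-ip' if embeds_ip($host, $ip);
    return 'keyword'     if $host =~ /(?:^|[.\-\d])(?:$STRONG)(?:[.\-\d]|$)/;
    # "pool" alone is ambiguous; assumed rule: count it only before a number.
    return 'keyword'     if $host =~ /(?:^|[.\-])pool[.\-]?\d/;
    return 'static';
}

# Constructed sample relays (documentation address ranges).
my @samples = (
    ['203.0.113.45', 'mail.dsl-customer.example'],
    ['203.0.113.45', '45-113-0-203.isp.example'],
    ['198.51.100.7', 'host198.51.100.7.isp.example'],
    ['192.0.2.10',   'dsl-a1.city.isp.example'],
    ['192.0.2.11',   'mx1.dslextreme.com'],
    ['192.0.2.12',   'www.swimming-pool.example'],
    ['192.0.2.13',   'pool-77.isp.example'],
);
printf "%-15s %-30s %s\n", @$_, classify_relay(@$_) for @samples;
```

In a MIMEDefang filter the same sub could be called from `filter_relay` with the relay's IP address and hostname, rejecting anything classified as `embedded-ip` or `keyword`.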


