Tony Earnshaw wrote:
> 1: Refuse an smtp connection if a valid helo/ehlo isn't given;
> 2: Refuse the connection if I can't do a reverse lookup on the client.
3. Refuse an smtp connection if helo falls in a certain pattern (string or
pcre)
4. Item #3, but from outside a certain ip range, or item #3 where rDNS
domain doesn't match helo (say dont accept helo yahoo.com except from an ip
with rDNS in the yahoo.com domain)
We have been implementing this on sendmail (massage it to log helo and then
have a log parser catch and block IPs sending us bogus helos) - and are now
looking at blocking things realtime using postfix - where this looks
definitely possible (especially #4)
srs
