At 6:19 +0530 2003/03/30, Suresh Ramasubramanian wrote:
>3. Refuse an smtp connection if helo falls in a certain pattern (string or
>pcre)
>
>4. Item #3, but from outside a certain ip range, or item #3 where rDNS
>domain doesn't match helo (say don't accept helo yahoo.com except from an ip
>with rDNS in the yahoo.com domain)
>
>We have been implementing this on sendmail (massage it to log helo and then
>have a log parser catch and block IPs sending us bogus helos) - and are now
>looking at blocking things realtime using postfix - where this looks
>definitely possible (especially #4)
I did implement 3/4 initially, where a certain sender/helo pattern
would trigger a check of the reverse DNS against the domain in the
helo. Tricky when you consider country domains (each one with its own
organisation of domains at the second or third level). Also it really
is against RFC, where the only requirement, it seems, is that the
helo argument resolves to the ip address of the host.
I then perfected this by checking the direct DNS of the helo arg
against the ip of the host, if the reverse DNS check failed. I
consider this an RFC enforcement.
I estimate that these checks cut spam by over 95% (no RBLs!).
Unfortunately, thanks to some cleverly misconfigured hosts, some
legitimate emails were also rejected. In one case it took me over a
month to get their DNS fixed; in most cases I did not manage to get
anything done.
The only solutions I see are:
1) disable the check for some known hosts
2) put more emphasis on the sender username check and use a score
based system (using the new ACL variables) to reject emails.
3) (1) and (2) together.
Giuliano
--
H U M P H
|| |||
software
Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
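The two-stage HELO check Giuliano describes (reverse DNS of the client compared with the HELO domain, then forward DNS of the HELO argument compared with the client IP, plus his option 1 of exempting known hosts) is sketched below as an added example; it is not code from the original post or from any MTA. The DNS data, the small list of multi-label country suffixes used to compare registrable domains, and the helper names are constructed assumptions so the example runs offline.

```python
"""HELO consistency check: reverse DNS first, forward DNS as fallback (added example)."""
from ipaddress import ip_address
from typing import Callable, Dict, FrozenSet, List

# Constructed DNS data for an offline demonstration; none of these records are real.
PTR_RECORDS: Dict[str, List[str]] = {
    "203.0.113.5": ["web1.mail.yahoo.com"],      # rDNS agrees with a yahoo.com HELO
    "203.0.113.10": ["host10.isp.example.net"],  # generic ISP rDNS; forward DNS must vouch for it
    "203.0.113.20": [],                          # no PTR record at all
}
A_RECORDS: Dict[str, List[str]] = {
    "web1.mail.yahoo.com": ["203.0.113.5"],
    "mx.example.co.uk": ["203.0.113.10"],
    "yahoo.com": ["203.0.113.99"],
}

# Tiny stand-in for a public-suffix list (assumption, far from complete) so that
# country-code second-level domains such as example.co.uk are compared at the right level.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.in", "co.jp"}

Resolver = Callable[[str], List[str]]


def lookup_ptr(ip: str) -> List[str]:
    """Reverse lookup against the constructed table (stand-in for a real PTR query)."""
    return PTR_RECORDS.get(ip, [])


def lookup_a(name: str) -> List[str]:
    """Forward lookup against the constructed table (stand-in for a real A query)."""
    return A_RECORDS.get(name.lower().rstrip("."), [])


def registrable_domain(hostname: str) -> str:
    """Reduce a hostname to its registrable domain, honouring the multi-label suffixes above."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return hostname.lower()
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_helo(helo: str, client_ip: str, exempt_ips: FrozenSet[str] = frozenset(),
               ptr: Resolver = lookup_ptr, a: Resolver = lookup_a) -> str:
    """Return one verdict: 'exempt', 'literal-match', 'rdns-match', 'forward-match' or 'reject'."""
    # Option 1 from the post: known hosts with broken DNS are exempted from the check.
    if client_ip in exempt_ips:
        return "exempt"
    helo = helo.strip().lower()
    # Address-literal form, e.g. "[203.0.113.20]": accept only if it names the client itself.
    if helo.startswith("[") and helo.endswith("]"):
        try:
            same = ip_address(helo[1:-1]) == ip_address(client_ip)
        except ValueError:
            return "reject"
        return "literal-match" if same else "reject"
    wanted = registrable_domain(helo)
    # Step 1: reverse DNS of the client, compared at the registrable-domain level.
    for ptr_name in ptr(client_ip):
        if registrable_domain(ptr_name) == wanted:
            return "rdns-match"
    # Step 2: forward DNS of the HELO argument must contain the client IP (the RFC requirement).
    if client_ip in a(helo):
        return "forward-match"
    return "reject"


if __name__ == "__main__":
    for helo_arg, ip in [("yahoo.com", "203.0.113.5"), ("mx.example.co.uk", "203.0.113.10"),
                         ("yahoo.com", "203.0.113.20"), ("[203.0.113.20]", "203.0.113.20")]:
        print(f"HELO {helo_arg:<20} from {ip:<14} -> {check_helo(helo_arg, ip)}")
```

The resolver functions are passed in as parameters so that a real deployment can swap in actual PTR and A queries (and a real public-suffix list) without touching the decision logic; the exempt set is where the "known hosts" from option 1 would go, and a scoring front end as in option 2 could consume the verdict string instead of rejecting outright.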