Re: [Exim] HELO acl

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMSuresh Ramasubramanian at <-
MMNico Erfurth at ->
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: Giuliano Gavazzi
CC: Suresh Ramasubramanian, exim-users@exim.org
New-Topics: [Exim] IP coming directly from hell?
Subject: Re: [Exim] HELO acl
On Sun, 30 Mar 2003, Giuliano Gavazzi wrote:

> I did implement 3/4 initially, where a certain sender/helo pattern
> would trigger a check of the reverse DNS against the domain in the
> helo. Tricky when you consider country domains (each one with its own
> organisation of domains at the second or third level). Also it really
> is against RFC, where the only requirement, it seems, is that the
> helo argument resolves to the ip address of the host.
> I then perfected this by checking the direct DNS of the helo arg
> against the ip of the host, if the reverse DNS check failed. I
> consider this an RFC enforcement.
> I estimate that these checks cut spam by over 95% (no RBLs!).
> Unfortunately, thanks to some cleverly misconfigured hosts, some
> legitimate email were also rejected. In one case it took me a over a
> month to get their DNS fixed, in most cases I did not manage to get
> anything done.

And again, this isn't a perfect solution, what about hosts with two
outgoing interfaces?

primary_hostname is set to the hostname of the first interface, but
sometimes the host sends with the second interface (I think this isn't
very unusual).

Nico



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] HELO aclRe: [Exim] HELO acl->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)