Re: [Exim] Re: ANTISPAM reply-based unblock-sender-email (ww…

Author: William Thompson
Date:  
To: Giuliano Gavazzi
CC: exim-users
Subject: Re: [Exim] Re: ANTISPAM reply-based unblock-sender-email (www/reply)
> >    drop !hosts = +relay_from_hosts
> >        log_message = HELO is an IP
> >        condition = ${if match{$sender_helo_name}{\N^\[?\d+\.\d+\.\d+\.\d+\]?$\N}{yes}{no}}
> [...]

>
> I think an IP as an HELO argument is within specs. At the same time I
> think that any respectable mailserver would identify itself with a
> name that resolves to its outgoing interface IP.
> Presently I would accept an IP HELO unless it does not correspond to
> the real IP of the peer (but my policy might change...).


I have yet to see such a system. Actually, I don't think I've recently seen
an HELO of an IP that wasn't spam. (Most likely the HELO IP address is the IP of
your mailserver.) At home, I put an ACL to check for an HELO of my internet
IP. I have caught several attempts that weren't RBLed.

If they don't configure their server properly, I say tough.

I know some of my ACL checks aren't RFC compliant, however, it blocks hosts
that aren't RFC compliant.

I prefer to drop people as soon as possible (at home) to keep down on the
reject log. Most of these are one time spammers (one time hosts that is) so
it's not so bad. At work depending on what will block them, I prefer to
just drop them as early as possible but still allow some specific ones to
email one specific address.

> I can confirm that a HELO check (also combined with a sender address
> pattern check) can block most spam (even without RBLs), but it can be
> the source of headaches with admins that cannot/want not to configure
> their servers properly.


Checking an IP HELO against the IP might not work. For instance, my server
here is behind a firewall and its IP doesn't match its external IP.
Doesn't matter, it EHLOs with a hostname.
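
The three HELO policies discussed in this thread (drop any IP HELO, drop an IP HELO that does not match the peer, drop a HELO that claims the receiving server's own IP), compared side by side. This is an added example, not code from either poster or from Exim. The function names, the sample connections and the documentation-range addresses are constructed, and applying the relay_from_hosts exemption to all three policies is an assumption.

```python
import ipaddress
import re

# Same shape as the regex in the quoted ACL: a dotted quad, optionally bracketed.
IP_HELO = re.compile(r"\[?(\d+\.\d+\.\d+\.\d+)\]?", re.ASCII)

def helo_literal(helo):
    """Return the dotted quad from an IP-style HELO, or None for a hostname."""
    m = IP_HELO.fullmatch(helo)
    return m.group(1) if m else None

def same_address(a, b):
    """Compare two address strings; a malformed quad (999.1.1.1) never matches."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def verdicts(helo, peer_ip, our_ip, relay_nets=()):
    """Verdicts for one connection: any IP HELO / IP differs from peer / IP is ours."""
    peer = ipaddress.ip_address(peer_ip)
    exempt = any(peer in ipaddress.ip_network(n) for n in relay_nets)
    quad = helo_literal(helo)
    is_ip = quad is not None and not exempt
    return {
        "any_ip": "drop" if is_ip else "accept",
        "mismatch": "drop" if is_ip and not same_address(quad, peer_ip) else "accept",
        "own_ip": "drop" if is_ip and same_address(quad, our_ip) else "accept",
    }

# Constructed sample connections (RFC 5737 documentation addresses).
OUR_IP = "203.0.113.10"
RELAY_NETS = ["192.168.0.0/16"]
SAMPLES = [
    ("mail.example.org", "198.51.100.7"),  # hostname HELO
    ("[198.51.100.7]", "198.51.100.7"),    # literal that matches the peer
    ("10.0.0.5", "198.51.100.8"),          # NATed host announcing its internal IP
    ("203.0.113.10", "198.51.100.9"),      # peer announcing our own address
    ("192.168.1.20", "192.168.1.20"),      # local client in relay_from_hosts
]

def run():
    return [verdicts(h, p, OUR_IP, RELAY_NETS) for h, p in SAMPLES]

if __name__ == "__main__":
    for (h, p), v in zip(SAMPLES, run()):
        print(f"{p:15} HELO {h:18} {v}")
```

The third sample is the firewall case raised above: the mismatch policy drops a host whose internal address differs from the address the receiver sees.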