On Sat, 2003-05-03 at 01:06, Giuliano Gavazzi wrote:
> I think an IP as an HELO argument is within specs. At the same time I
> think that any respectable mailserver would identify itself with a
Not within specs unless the IP is a domain literal.
HELO [1.2.3.4] is ok - not HELO 1.2.3.4
> name that resolves to its outgoing interface IP.
Several otherwise legit listserv installs are just this stupid.
We found that out the hard way, I can tell you (luckily we log HELOs
first and look at the logs before dropping in reject rules).
> Presently I would accept an IP HELO unless it does not correspond to
> the real IP of the peer (but my policy might change...).
How about HELOs from some virtual IP aliased onto the interface of the
real IP then? This will turn out to be very hairy ...
> I can confirm that a HELO check (also combined with a sender address
> pattern check) can block most spam (even without RBLs), but it can be
> the source of headaches with admins that cannot/want not to configure
> their servers properly.
Depends on what you check.
1. HELO your own domains / IPs / hostnames / CNAMEs from an external
source = sure spam / virus sign.
2. HELO freemail (say yahoo.com) from an IP which does not have that
freemail's rDNS is also a pretty sure sign of spam / virus mail.
3. HELO any.ip.add.ress is not a very useful thing to check for - too
much collateral damage.
srs
