Re: [Exim] Re: Now well off-topic

Top Page
Delete this message
Reply to this message
Author: Suresh Ramasubramanian
Date:  
To: Alun
CC: Exim Users Mailing List
Subject: Re: [Exim] Re: Now well off-topic
Alun wrote:

> Forgetting any other considerations of correctness/reverse dns/whatever, if
> I blocked 1 in every 18 messages coming in from outside on the basis of
> invalid HELO alone, I'd be chased by a hoard of people with flaming torches.
> HELO data might be a diagnostic pointer to possible spam, but that's about
> all I think anyone running a medium to big site would dare to use it for in
> the real world.


How big a site do you think we are? 30 million users.

We use fake EHLO as one of our most effective filters.

Mail from a non yahoo IP (say a taiwanese DSL line) saying HELO
yahoo.com? Or better still, HELOing to us with the name of one of our
own hosts or IPs? Cast iron spamsign.

If you take the trouble to research those HELO patterns, and block them
at SMTP time, you have got one helluva spam filter in your hands.

    srs