Re: [Exim] no IP address found for host [our own domain]

Author: Andrew - Supernews
Date:  
To: exim-users
Subject: Re: [Exim] no IP address found for host [our own domain]
>>>>> "Alan" == Alan J Flavell <a.flavell@???> writes:

>> It makes only sense to verify the HELO string if you are accepting
>> mail from real MTAs, who should be more careful in what they send.


Alan> We've recently started reckoning spam points for broken HELOs
Alan> as well as for IPs that don't have PTR records.


Alan> I also added rejection for a HELO which presents our own IP
Alan> address (*without* brackets) - surprising how many spammers are
Alan> doing that - I read somewhere that spammers also try presenting
Alan> one's own email domain or the host name of the MTA, but I see
Alan> very few of those in practice.


>> When a client presents a valid authentication, it is irrelevant if
>> their HELO does not verify. You already have everything you need
>> to identify them.


Alan> Exactly my point, yes.


Personally I prefer having mail submission from end-user MUAs (which
are the big offenders when it comes to malformed HELOs on otherwise
valid mail) on a port other than 25 (port 587 being the standard for
this). That also makes it easy to have quite different ACLs for
(authenticated) local smarthosting and incoming mail from the rest of
the world.

We moved our sales and support staff (mainly M$ users) to port 587
recently without any noticeable pain.

(The approach I chose was to run a separate exim daemon rather than
have one daemon listen on both ports. This was because I didn't want
local submission to be subject to the same limits on concurrent SMTP
connections that we have for incoming mail from the world.)

--
Andrew, Supernews
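
The HELO handling discussed in this thread, sketched as an added example that is not part of the original message and is not Exim configuration. The addresses, names and the function names `classify_helo` and `helo_policy` are constructed for illustration; scoring a HELO that presents our own name and requiring authentication on port 587 are assumptions.

```python
import ipaddress
import re

# Constructed values: documentation address space and example domain.
OUR_IPS = {ipaddress.ip_address("192.0.2.25")}
OUR_NAMES = {"example.org", "mx.example.org"}

_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")


def _parse_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def classify_helo(helo):
    """Label the HELO/EHLO argument sent by a client."""
    if helo.startswith("[") and helo.endswith("]"):
        # Address literal: [192.0.2.1] or [IPv6:2001:db8::1]
        inner = helo[1:-1]
        tagged = inner.lower().startswith("ipv6:")
        ip = _parse_ip(inner[5:] if tagged else inner)
        ok = ip is not None and ip.version == (6 if tagged else 4)
        return "address-literal" if ok else "malformed"
    ip = _parse_ip(helo)
    if ip is not None:
        # A bare IP is not valid HELO syntax; our own IP is the worst case.
        return "own-ip-unbracketed" if ip in OUR_IPS else "bare-ip"
    name = helo.rstrip(".").lower()
    if name in OUR_NAMES:
        return "own-name"
    return "fqdn" if _FQDN.match(name) else "malformed"


def helo_policy(port, authenticated, helo):
    """Return (action, reason) for one SMTP connection."""
    if authenticated:
        # Authentication already identifies the client; HELO is irrelevant.
        return ("accept", "authenticated")
    if port == 587:
        return ("reject", "auth-required")  # assumption: submission needs AUTH
    kind = classify_helo(helo)
    if kind == "own-ip-unbracketed":
        return ("reject", kind)
    if kind in ("malformed", "bare-ip", "own-name"):
        return ("score", kind)  # add spam points rather than reject outright
    return ("accept", kind)
```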