Re: [Exim] exim HELO ack

Author: Exim Users Mailing List
Date:  
To: exim users
Subject: Re: [Exim] exim HELO ack
[ On Wednesday, August 27, 2003 at 08:18:08 (+0530), Suresh Ramasubramanian wrote: ]
> Subject: Re: [Exim] exim HELO ack
>
> I posted a recipe for HELO blocking sometime back - but that was for people
> HELO'ing as your own IP / hosts / domains
>
> That'll catch you far more spam, with far less false positives, I think.


Yeah, so what do you propose to do about all the spammers who are
running spamware which greets your fine server with "hotmail.com"?!?!?

The only right thing to do is to implement proper HELO validation
(i.e. to verify that the name given resolves to an A record matching the
client's source address, or if the HELO parameter is a literal IP
address then its syntax must be correct and it must match the client's
source address). From there you can white-list just those few remaining
sites you absolutely must accept e-mail from but whose postmasters are
just too ignorant and/or lazy to get this one very simple thing right.

Everything else is not only a total waste of time, but it also gives
blatantly misleading and confusing signals to all those who for one
reason or another don't seem to even try to configure their mailers
correctly, i.e. it allows the likes of hotmail.com to continue to
believe that they can get away with sending a totally bogus and useless
name that's now being spoofed the world over specifically so as to get spam
past various filters and checks and such.

Now you may ask why the spammers won't just send valid HELO greetings.
Well I don't know, but if there's been one thing that's been consistent
about the way spammers have behaved ever since the very beginning it's
that they seem to have excessively huge egos and for one reason or
another a good portion of them seem to want to send spoofed client
names. This one simple check is one of the very first things I and
others identified many years ago as a common way to identify spammers
with a very low incidence of mistaken identity and which almost all of
those non-spammers who were blocked were willing and able to fix quickly
and easily and without complaint.

--
                        Greg A. Woods


+1 416 218-0098                  VE3TCP            RoboHack <woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird <woods@???>
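
The HELO validation rule described in the message above, as an added example that is not part of the original post and is not Exim's own code. The names `check_helo`, `sample_resolve` and `allow_nets` and the DNS data are constructed for illustration; the resolver is passed in so the check runs offline.

```python
import ipaddress
import re

LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one RFC 1123 hostname label

def check_helo(helo, client_ip, resolve, allow_nets=()):
    """Return (accepted, reason). resolve(name) -> list of address strings."""
    client = ipaddress.ip_address(client_ip)
    # Local exceptions: the few senders that must be accepted despite a bad HELO.
    if any(client in ipaddress.ip_network(n) for n in allow_nets):
        return True, "whitelisted client"
    if helo.startswith("[") or helo.endswith("]"):
        # Address literal: "[192.0.2.10]" or "[IPv6:2001:db8::1]".
        if not (helo.startswith("[") and helo.endswith("]")):
            return False, "malformed address literal"
        inner = helo[1:-1]
        try:
            if inner[:5].lower() == "ipv6:":
                literal = ipaddress.IPv6Address(inner[5:])
            else:
                literal = ipaddress.IPv4Address(inner)
        except ValueError:
            return False, "malformed address literal"
        if literal == client:
            return True, "literal matches client"
        return False, "literal does not match client"
    try:
        ipaddress.ip_address(helo)
    except ValueError:
        pass  # not an IP address, so treat it as a host name below
    else:
        return False, "bare IP address without brackets"
    name = helo.rstrip(".")
    if not name or not all(LABEL.fullmatch(l) for l in name.split(".")):
        return False, "invalid hostname syntax"
    # Forward lookup only: the name must resolve to the connecting address.
    addrs = {ipaddress.ip_address(a) for a in resolve(name.lower())}
    if client in addrs:
        return True, "name resolves to client"
    return False, "name does not resolve to client"

# Constructed DNS data using documentation address ranges (not real records).
SAMPLE_DNS = {"mail.example.org": ["192.0.2.10"], "hotmail.com": ["203.0.113.5"]}

def sample_resolve(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    for helo, ip in [("mail.example.org", "192.0.2.10"), ("hotmail.com", "198.51.100.7"),
                     ("[198.51.100.7]", "198.51.100.7"), ("198.51.100.7", "198.51.100.7")]:
        print(helo, ip, check_helo(helo, ip, sample_resolve))
```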