On Wed, 27 Aug 2003 17:34:28 +0100 Jez Hancock <jez.hancock@???> wrote:
> Is it not even more expedient to drop bad HELO/EHLOs in an acl_smtp_helo
> ACL or is this potentially problematic?
it depends on your circumstances. there's a sound reason to exclude
relay_hosts from the FQDN test at corporate sites where internal M$ hosts
are likely using non-FQDNs when sending mail.
once you make sure that you're not excluding legit hosts, i see no reason
not to use drop at the earliest possible moment when you are reasonably
certain you're dealing with a bad actor like a virus infested M$ box.
likewise, if a host is listed in opm.blitzed.org or cbl.abuseat.org, it's
almost certain to be a program that isn't going to care about the 5xx
you're sending back, so you might as well detect and drop as early as
possible.
richard
--
Richard Welty rwelty@???
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
