On Tue, 26 Aug 2003, Wakko Warner wrote:
> > how can i stomp non-fqdn HELO/EHLOs as simply as possible?
> >
> > randy, reading list archive with the load average rising
>
> I use this:
> drop message = HELO doesn't look like a hostname
>      log_message = Not a hostname
>      condition = ${if match{$sender_helo_name} \
>                  {\N^[^.].*\.[^.]+$\N} \
>                  {no}{yes} \
>                  }
>
> This means: Drop the HELO unless it contains a . somewhere in the HELO
> string, but may not begin or end with a . (imposed minimum length is 3
> chars). Basically x.x is ok, but .x. is not.

As an interested lurker on this thread, I implemented this - in
recipient checks.

I also added tests for the ip address of my mail machine as well
(spam spoofing me as the sender) which also catches a /large/
amount of spam.

  drop message = HELO/EHLO invalid
       condition = ${if match{$sender_helo_name} \
                   {justinalexanderbridal.com} \
                   {yes}{no} \
                   }

  drop message = HELO/EHLO invalid
       condition = ${if match{$sender_helo_name} \
                   {66.223.104.36} \
                   {yes}{no} \
                   }

Cheers, Andy!
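
Added example, not part of either poster's message: a small Python harness that runs the three regexes from this thread over constructed HELO strings, so you can see what each stanza drops before deploying it. It shows that the hostname-shape check accepts a bare IP address, and that the unanchored patterns with unescaped dots also match look-alike names. The two `_STRICT` patterns are hypothetical tightened variants, and equivalence of Python's `re` with Exim's PCRE for these patterns is an assumption.

```python
import re

# Regexes as posted in the thread. Exim's \N...\N only protects the pattern
# from string expansion, so the regex itself is the text between the markers.
# Assumption: Python's re and Exim's PCRE agree on these simple patterns.
HOSTNAME_LIKE = re.compile(r"^[^.].*\.[^.]+$")          # drop when NOT matched
OWN_DOMAIN = re.compile(r"justinalexanderbridal.com")   # drop when matched
OWN_IP = re.compile(r"66.223.104.36")                   # drop when matched

# Hypothetical tightened variants (not from the thread): dots escaped and the
# match anchored, so only the exact name, its subdomains, or the exact
# address (bare or as a [literal]) trigger the drop.
OWN_DOMAIN_STRICT = re.compile(r"(^|\.)justinalexanderbridal\.com$", re.I)
OWN_IP_STRICT = re.compile(r"^\[?66\.223\.104\.36\]?$")


def decide(helo, strict=False):
    """Return 'drop' or 'accept' for a HELO name under the three stanzas."""
    if not HOSTNAME_LIKE.search(helo):
        return "drop"
    dom, ip = (OWN_DOMAIN_STRICT, OWN_IP_STRICT) if strict else (OWN_DOMAIN, OWN_IP)
    if dom.search(helo) or ip.search(helo):
        return "drop"
    return "accept"


# Constructed HELO strings, not taken from real traffic.
SAMPLES = [
    "localhost", "ab", "x.x", ".x.", "example.org.", "mail.example.org",
    "192.0.2.25", "justinalexanderbridal.com", "66.223.104.36",
    "[166.223.104.36]", "mx.notjustinalexanderbridal.com",
]


def run_samples():
    """Return (helo, decision as posted, decision with strict variants)."""
    return [(h, decide(h), decide(h, strict=True)) for h in SAMPLES]


if __name__ == "__main__":
    for helo, posted, strict in run_samples():
        print(f"{helo:34} posted={posted:7} strict={strict}")
```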