Re: [Exim] forged HELO/EHLO addresses

Página Inicial
Delete this message
Reply to this message
Autor: Dominik Ruf
Data:  
Para: Exim users list
Assunto: Re: [Exim] forged HELO/EHLO addresses
* Alan J. Flavell <a.flavell@???> [2003-11-12 15:25]:

> On the other hand, something like "HELO 11.22.33.44" would slip past
> the above recipe unchallenged. But if they present our own IP address
> (a rather common spammer trick, though I'm not sure what they hope to
> gain by it), we reject it in a separate recipe.


Spammers like to fool not so well-skilled end-users into thinking
the spam originated at your system. And looking at the anti-spam
newsgroups they often succeed. ;-(

> Hmmm: I suppose we
> could really reject anything that looks like nothing more than a
> dotted IP address, as not conforming to the requirements of the RFC -
> what does the team think?


Personally, I'd only reject, if they present my own IP address
(and my own hostname/local_domains) as this is a clear sign for
spam. Anything else could well be a legitimate but misconfigured
sender.

Dominik