Hi !!
> Helo filtering is something that, done right, gives us near zero
> collateral damage for relatively simple rules.
We have also being rejecting based on helo with almost no false
positives and now it produces about 50% of rejections, one simple
helo rule will catch lots of viruses that rewrite the infected
windows computer name and use it as the helo:
# Forged HELO (DOMAIN.com)
drop message = Forged HELO not welcome, you are not
$sender_helo_name
log_message = Forged HELO: $sender_helo_name
condition = ${if match \
{$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
I will be pleased to see other's people helo based rules, maybe it
will be good to make some kind of rule complitation and make it
available to others.
--
Best regards ...
Don't ask me, I'm making this up as I go!
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david@???
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------