Re: [Exim] forged HELO/EHLO addresses

Author: Suresh Ramasubramanian
Date:
To: David Saez
CC: Alan J. Flavell, Exim Users Mailing List
Subject: Re: [Exim] forged HELO/EHLO addresses
David Saez writes on 11/16/2003 12:22 PM:

> We have also been rejecting based on helo with almost no false
> positives and now it produces about 50% of rejections, one simple
> helo rule will catch lots of viruses that rewrite the infected
> windows computer name and use it as the helo:


That is, the netbios name of the infected computer?

Yes, you could use non-FQDN HELOs as something that gets a relatively
high SpamAssassin score, but what you are going to get is a lot of
collateral damage.

A lot of the trojans helo as your own domain or IP though... those are
easier to block.

    srs
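
The distinction drawn in the message above (a remote client that HELOs as the receiving site's own domain or IP can be blocked, a non-FQDN HELO should only add to a score), as an added example that is not part of the original thread and is not Exim configuration. `LOCAL_DOMAINS`, `LOCAL_NETS`, the function names and the sample values are constructed assumptions.

```python
import ipaddress

# Constructed site settings (assumptions, not taken from the thread).
LOCAL_DOMAINS = {"example.org", "mail.example.org"}
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def _as_ip(text):
    """Parse '192.0.2.1' or the literal form '[192.0.2.1]'; None if not an IP."""
    try:
        return ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return None


def _is_local(addr):
    return any(addr in net for net in LOCAL_NETS)


def classify_helo(helo, client_ip):
    """Return 'reject', 'score' or 'accept' for one HELO/EHLO argument."""
    # Our own hosts may legitimately announce our names, so exempt them first.
    if _is_local(ipaddress.ip_address(client_ip)):
        return "accept"
    name = helo.strip().rstrip(".").lower()
    helo_ip = _as_ip(name)
    if helo_ip is not None:
        # A remote client announcing one of our addresses is forged.
        return "reject" if _is_local(helo_ip) else "accept"
    if name in LOCAL_DOMAINS:
        return "reject"  # remote client claiming to be us
    if "." not in name:
        return "score"   # e.g. a NetBIOS name: raise the score, do not reject
    return "accept"


if __name__ == "__main__":
    # Constructed (HELO argument, connecting IP) pairs.
    samples = [
        ("example.org", "203.0.113.7"),
        ("[192.0.2.25]", "203.0.113.7"),
        ("DESKTOP-PC", "203.0.113.7"),
        ("mail.example.net", "198.51.100.4"),
        ("example.org", "192.0.2.10"),
    ]
    for helo, ip in samples:
        print(f"{ip:15} HELO {helo:18} -> {classify_helo(helo, ip)}")
```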