Re: [Exim] forged HELO/EHLO addresses

Author: Suresh Ramasubramanian
Date:  
To: David Saez
Cc: Alan J. Flavell, Exim Users Mailing List
Subject: Re: [Exim] forged HELO/EHLO addresses
David Saez writes on 11/16/2003 12:22 PM:

> We have also been rejecting based on helo with almost no false
> positives and now it produces about 50% of rejections, one simple
> helo rule will catch lots of viruses that rewrite the infected
> windows computer name and use it as the helo:


That is, the NetBIOS name of the infected computer?

Yes, you could use non-FQDN HELOs as something that gets a relatively
high SpamAssassin score, but what you are going to get is a lot of
collateral damage.

A lot of the trojans helo as your own domain or IP though... those are
easier to block.

    srs
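
The two HELO rules discussed in this message, as an added example that is not part of the original post and is not Exim configuration: a hard reject when a remote client announces itself as the receiving server's own domain or IP, and only a score for a HELO that is not a fully qualified name. The domain names, addresses and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions): the receiving server's own
# names and addresses, and the networks allowed to HELO with them.
LOCAL_DOMAINS = {"example.org", "mail.example.org"}
LOCAL_IPS = {ipaddress.ip_address("192.0.2.25")}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("127.0.0.0/8")]


def parse_helo_ip(helo):
    """Return an ip_address if HELO is an address literal or a bare IP."""
    text = helo.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
        if text.lower().startswith("ipv6:"):
            text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def classify_helo(helo, client_ip):
    """Return (action, reason); action is 'reject', 'score' or 'accept'."""
    client = ipaddress.ip_address(client_ip)
    trusted = any(client in net for net in TRUSTED_NETS)
    name = helo.strip().rstrip(".").lower()
    helo_ip = parse_helo_ip(helo)

    if not trusted:
        # A remote client that claims to be this server is forging its HELO.
        if helo_ip is not None and helo_ip in LOCAL_IPS:
            return ("reject", "HELO is our own IP address")
        if helo_ip is None and name in LOCAL_DOMAINS:
            return ("reject", "HELO is our own domain")
    if helo_ip is None and "." not in name:
        # Bare machine names also come from misconfigured legitimate
        # hosts, so this only adds to a score instead of rejecting.
        return ("score", "HELO is not a fully qualified domain name")
    return ("accept", "no HELO rule matched")
```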