Re: [Exim] forged HELO/EHLO addresses

From: Suresh Ramasubramanian
To: David Saez
Cc: Alan J. Flavell, Exim Users Mailing List
Subject: Re: [Exim] forged HELO/EHLO addresses
David Saez writes on 11/16/2003 12:22 PM:

> We have also been rejecting based on helo with almost no false
> positives and now it produces about 50% of rejections, one simple
> helo rule will catch lots of viruses that rewrite the infected
> windows computer name and use it as the helo:


That is, the NetBIOS name of the infected computer?

Yes, you could use non-FQDN HELOs as something that gets a relatively
high SpamAssassin score, but what you are going to get is a lot of
collateral damage.

A lot of the trojans helo as your own domain or IP though... those are
easier to block.

    srs
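
The split discussed in this message (reject a HELO that claims to be the receiving site's own domain or IP, only score a non-FQDN HELO) can be sketched as follows. This is an added example, not part of the thread and not Exim configuration; the domain names, addresses and the trusted-network exemption are constructed assumptions.

```python
import ipaddress

# Constructed local identity (documentation ranges); adjust to the real site.
LOCAL_DOMAINS = {"example.org", "mail.example.org"}
LOCAL_IPS = {ipaddress.ip_address("192.0.2.25")}
# Assumption: our own hosts may legitimately HELO with our name.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def _helo_ip(helo):
    """Return the IP in a HELO argument (bare or [literal]), else None."""
    h = helo.strip()
    if h.startswith("[") and h.endswith("]"):
        h = h[1:-1]
    if h.lower().startswith("ipv6:"):
        h = h[5:]
    try:
        return ipaddress.ip_address(h)
    except ValueError:
        return None


def classify_helo(helo, client_ip):
    """Return (action, reason); action is 'reject', 'score' or 'accept'."""
    client = ipaddress.ip_address(client_ip)
    if any(client in net for net in TRUSTED_NETS):
        return ("accept", "trusted client")
    ip = _helo_ip(helo)
    if ip is not None:
        if ip in LOCAL_IPS:
            return ("reject", "HELO is our own IP")
        if not helo.strip().startswith("["):
            # SMTP syntax requires an address literal in brackets.
            return ("score", "bare IP, not an address literal")
        return ("accept", "address literal")
    name = helo.strip().rstrip(".").lower()
    if name in LOCAL_DOMAINS:
        return ("reject", "HELO is our own domain")
    if "." not in name:
        # Single-label names (e.g. a Windows computer name): score only,
        # since rejecting outright risks collateral damage.
        return ("score", "non-FQDN HELO")
    return ("accept", "FQDN")
```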