Re: [Exim] blocking fake yahoo and hotmail

Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] blocking fake yahoo and hotmail
On Sat, 29 Nov 2003, Kevin Reed wrote:

> Marc Haber said:
> > On Fri, 21 Nov 2003 06:29:36 -0500, Suresh Ramasubramanian
> > <linux@???> wrote:
> >>If HELO yahoo.com comes from an IP with non yahoo rDNS, DENY - don't
> >>waste time deferring it.
> >
> > Nice idea. Do you have that recipe in acl syntax for a cookbook?
>
> There is a sample of it on the forum.
>
> http://exim.got-there.com/forums/viewtopic.php?p=465#465


That looks handy, thanks. However, note that the recipe contains just
yahoo.com, but we get quite a number of spammers HELO'ing with
yahoo.fr, yahoo.ca, yahoo.co.uk (possibly others too). I'm not sure
what host names would show up if there was ever a genuine offer from
one of those - all the entries that I can see in the log appear to be
abusive.

Could we reject outright on those HELOs, I wonder?

Genuine calls from yahoo hosts seem to present the host name (random
example: n26.grp.scd.yahoo.com) in the HELO. Hotmail is the opposite:
many different host names (random example: law11-f54.law11.hotmail.com)
consistently presenting just "hotmail.com" in the HELO.
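
The check discussed in this thread (a yahoo.* or hotmail.com HELO arriving from a host whose reverse DNS lies outside that provider's domains), modelled in Python as an added example; it is not part of the original message, not the forum recipe, and not Exim ACL syntax. The `GUARDED` list, the function names and the sample hosts other than the two host names quoted in the message are assumptions, and `rdns` is assumed to be a name the MTA has already verified with a forward lookup.

```python
# Domains whose HELO is only trusted from matching rDNS. The yahoo.* entries
# and hotmail.com are the ones named in the message; the list is an assumption.
GUARDED = ("yahoo.com", "yahoo.fr", "yahoo.ca", "yahoo.co.uk", "hotmail.com")

def _norm(name):
    """Lower-case, strip whitespace and a trailing root dot; None becomes ''."""
    return (name or "").strip().rstrip(".").lower()

def _within(name, domain):
    """True if name is the domain or a subdomain, matched on a label boundary
    (so 'notyahoo.com' and 'yahoo.com.example.net' do not match 'yahoo.com')."""
    return name == domain or name.endswith("." + domain)

def brand_of(name):
    """Return 'yahoo' or 'hotmail' when name sits in a guarded domain, else None."""
    for domain in GUARDED:
        if _within(name, domain):
            return domain.split(".")[0]
    return None

def helo_verdict(helo, rdns):
    """'deny' when the HELO claims a guarded provider but rDNS is not that provider."""
    helo, rdns = _norm(helo), _norm(rdns)
    brand = brand_of(helo)
    if brand is None:
        return "accept"      # HELO makes no claim about a guarded provider
    if brand_of(rdns) == brand:
        return "accept"      # claim is backed by the provider's own rDNS
    return "deny"            # includes hosts with no rDNS at all

# Constructed sample connections: (HELO argument, verified rDNS or None).
SAMPLES = [
    ("n26.grp.scd.yahoo.com", "n26.grp.scd.yahoo.com"),  # full host name in HELO
    ("hotmail.com", "law11-f54.law11.hotmail.com"),      # bare domain, real rDNS
    ("yahoo.co.uk", "host.example.net"),                 # forged country domain
    ("yahoo.com", None),                                 # no reverse DNS
    ("YAHOO.COM.", "yahoo.com.example.net"),             # look-alike rDNS suffix
    ("notyahoo.com", "mail.example.org"),                # unrelated domain
]

def run_samples():
    """Return the verdict for each constructed sample, in order."""
    return [helo_verdict(helo, rdns) for helo, rdns in SAMPLES]

if __name__ == "__main__":
    for (helo, rdns), verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:6}  HELO={helo}  rDNS={rdns}")
```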