Re: [Exim] blocking fake yahoo and hotmail

> This is designed to compare against single domain name helo's that
> spammers use. Typically they will use:
>
> hotmail.com
> compuserve.com
> mail.com

and aol.com

> etc...
>
> No. This is to block users that say HELO hotmail.com when in fact they
> are not a hotmail.com server. That match is to the right side of the
> received dns from the IP so that mc6-s10.law1.hotmail.com would be valid
> if the HELO were hotmail.com.
>
> If the server like hotmail uses a HELO of mc6-s10.law1.hotmail.com this
> would not come into play since the helo-check file doesn't have
> mc6-s10.law1.hotmail.com in it.

One problem I can think of is with aol and the aol dialups. Lets assume
that a dialup on aol isn't in a DUL yet and they HELO as aol.com
How annoying. It could be checked by using the hostname I think
*.ipt.aol.com (not sure). Anyone just outright blocking the aol dialups by
hostname?

> It is not designed to catch helo's like n26.grp.scd.yahoo.com, just helo
> of yahoo.com. I've not seen any spammers attempting anything but the
> simple domain name. Not that I've really checked, but this check does
> catch a lot of mail.

I think I setup mine to do this. My personal one is hard coded in acls, my
work on is in a file. IIRC, several people including myself designed an
lsearch method.

--
Lab tests show that use of micro$oft causes cancer in lab animals