Re: [Exim] helo_verify and EHLO containing *domain* name?

Author: Toralf Lund
Date:  
To: Exim Mailing List
Subject: Re: [Exim] helo_verify and EHLO containing *domain* name?
Ian A B Eiloart wrote:

> There are too many mailers out there that don't use helo properly.
> helo_verify is going to stop you getting a lot of good mail. It is
> worth checking that they aren't using YOUR domain, though - as lots of
> spam does that.


Yes. I've noticed that. Some of the variants I've seen are:

   1. The sending domain name.
   2. *Our* domain name.
   3. An unresolvable host name, but with a domain part that has an IP
      address corresponding to the sending host.
   4. A hostname with no domain part.
   5. A name that looks a bit like the proper name of the server, but
      that isn't really valid.
   6. Utter and complete nonsense.


Now, according to section 45.1 in the Exim 3.3x spec (the way I
interpret it), 1) should be allowed, only it isn't. 2) and 6) should
obviously be blocked, and I believe it is quite common to check for 4).
5) probably calls for a polite message to the postmaster at the sending
site - and 1)/3) may do, too, only I doubt that people like Hotmail
would change their policy based on this.

Regarding 5), one name we've received is
"osl-msg-001.innovation.nor.way", where the real name of the domain is
"innovanor.no".


<http://www.exim.org/exim-html-3.30/doc/html/spec_toc.html#TOC816>

- Toralf

>
> --On Thursday, 11 March 2004 14:27 +0100 Toralf Lund
> <toralf@???> wrote:
>
>> Since one of the conclusions on my recent thread on "virus" policies was
>> that even simple HELO verification might stop a large proportion of all
>> virus messages, I've tried enabling helo_verify on our MX. And indeed,
>> it does seem to stop a lot of junk. However, there is one problem;
>> messages from genuine servers are sometimes stopped with
>>
>> 2004-03-10 02:37:44 rejected EHLO from dmz158.dnv.com (dnv.com)
>> [193.212.132.158]
>

[ ... ]

>>
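
The HELO variants listed in the message above, expressed as a classifier. This is an added example, not code from the thread or from Exim; the DNS table, local domain and IP addresses are constructed, and the function and label names are hypothetical.

```python
import re

# Constructed stand-in for DNS A lookups so the example runs offline.
SAMPLE_DNS = {
    "mx1.example.org": ["192.0.2.10"],
    "example.com": ["198.51.100.7"],
}
LOCAL_DOMAINS = {"example.net"}  # hypothetical: the receiving site's own domains
HOSTNAME_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*$")


def lookup(name):
    """Return the A records for name from the constructed table."""
    return SAMPLE_DNS.get(name, [])


def classify_helo(helo, peer_ip, ptr_name=None):
    """Label a HELO/EHLO argument with the variant from the list it matches."""
    name = helo.strip().lower().rstrip(".")
    ptr = (ptr_name or "").lower().rstrip(".")
    if not HOSTNAME_RE.match(name):
        return "malformed"            # part of variant 6 (address literals not handled)
    if name in LOCAL_DOMAINS:
        return "our-domain"           # variant 2
    if "." not in name:
        return "no-domain-part"       # variant 4
    addrs = lookup(name)
    if peer_ip in addrs:
        return "verified"             # name resolves to the connecting host
    if ptr.endswith("." + name):
        return "sending-domain"       # variant 1: parent domain of the PTR name
    domain_part = name.split(".", 1)[1]
    if not addrs and peer_ip in lookup(domain_part):
        return "domain-part-matches"  # variant 3
    return "unverified"               # variants 5 and 6 look the same to a resolver
```

Only "our-domain", "no-domain-part" and "malformed" can be decided without DNS; the remaining labels depend on lookups that may fail transiently, so they suit logging or scoring better than outright rejection.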