Re: [Exim] helo_verify and EHLO containing *domain* name?

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Toralf Lund
Dátum:  
Címzett: Exim Mailing List
Tárgy: Re: [Exim] helo_verify and EHLO containing *domain* name?
Ian A B Eiloart wrote:

> There are too many mailers out there that don't use helo properly.
> helo_verify is going to stop you getting a lot of good mail. It is
> worth checking that they aren't using YOUR domain, though - as lots of
> spam does that.


Yes. I've noticed that. Some of the variants I've seen are:

   1. The sending domain name.
   2. *Our* domain name.
   3. An unresolvable host name, but with a domain part that has an IP
      address corresponding to the sending host.
   4. A hostname with no domain part.
   5. A name that looks a bit like the proper name of the server, but
      that isn't really valid.
   6. Utter and complete nonsense.


Now, according to section 45.1 in the Exim 3.3x spec (the way I
interpret it), 1) should be allowed, only it isn't. 2) and 6) should
obviously be blocked, and I believe it is quite common to check for 4) .
5) probably calls for a polite message to the postmaster at the sending
site - and 1)/3) may do, too, only I doubt that people like hotmail
would change their policy based on this.

Regarding 5), one name we've received is
"osl-msg-001.innovation.nor.way", where the real name of the domain is
"innovanor.no".


<http://www.exim.org/exim-html-3.30/doc/html/spec_toc.html#TOC816>

- Toralf

>
> --On jueves, 11 marzo 2004 14:27 +0100 Toralf Lund
> <toralf@???> wrote:
>
>> Since one of the conclusions on my recent thread on "virus" policies was
>> that even simple HELO verification might stop a large proportion of all
>> virus messages, I've tried enabling helo_verify on our MX. And indeed,
>> it does seem to stop a lot of junk. However, there is one problem;
>> messages from genuine servers is sometimes stopped with
>>
>> 2004-03-10 02:37:44 rejected EHLO from dmz158.dnv.com (dnv.com)
>> [193.212.132.158]
>

[ ... ]

>>