Hi Andy, on Wed, 17 Mar 2004 10:04:19 -0500 you wrote:
> In my config_check_receipt I have this:
> deny message = host is listed in $dnslist_domain ($dnslist_text)
> dnslists = list.dsbl.org:\
> sbl.spamhaus.org:\
> relays.ordb.org:\
> sbl-xbl.spamhaus.org:\
> bl.spamcop.net
Having sbl.spamhaus.org and sbl-xbl.spamhaus.org is a bit of a waste of
your resources, since sbl-xbl.spamhaus.org contains sbl.spamhaus.org in
its entirety. You'd be better just having sbl-xbl.
Also, bl.spamcop.net is very aggressive so be aware of that.
> rejected HELO from [200.118.112.12]: syntactically invalid argument(s):
> IBM_A31
It means what it says. "IBM_A31" is not a syntactically valid HELO
argument - underscores are not valid in hostnames.
> What exactly is happening here?
> Virus infected machine or massive spammer?
Could be either. I wouldn't worry about it either way. The reason why
you're seeing lots of log entries though is quite possibly because a lot
of misconfigured machines will keep coming back and hammering at your door
with unreasonable frequency if they get a 5xx error at HELO time.
Tim
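
Added example (not part of the original message, and not Exim's own code): a small Python script that explains why a HELO argument fails the hostname syntax rule (letters, digits and hyphens only within each label) and counts how often each host comes back after being rejected. The log lines are constructed samples modelled on the entry quoted above; the regular expression and function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the log entry quoted in the message.
SAMPLE_LOG = """\
2004-03-17 10:01:02 rejected HELO from [192.0.2.10]: syntactically invalid argument(s): IBM_A31
2004-03-17 10:01:09 rejected HELO from [192.0.2.10]: syntactically invalid argument(s): IBM_A31
2004-03-17 10:01:15 rejected HELO from [192.0.2.10]: syntactically invalid argument(s): IBM_A31
2004-03-17 10:02:40 rejected EHLO from [198.51.100.7]: syntactically invalid argument(s): -bad.example
2004-03-17 10:03:00 Start queue run: pid=1234
"""

# Assumed line shape, taken from the quoted entry: source IP, then the argument.
REJECT = re.compile(
    r"rejected (?:HELO|EHLO) from \[([^\]]+)\]: "
    r"syntactically invalid argument\(s\): (.*)$")

def helo_problem(arg):
    """Return None if arg is a syntactically valid hostname, else the reason."""
    if not arg:
        return "empty argument"
    if arg.startswith("[") and arg.endswith("]"):
        return None  # address literal such as [192.0.2.1]; not checked here
    for label in arg.rstrip(".").split("."):
        if not label:
            return "empty label"
        bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", label)))
        if bad:
            return "invalid character(s): " + "".join(bad)
        if label.startswith("-") or label.endswith("-"):
            return "label starts or ends with a hyphen"
        if len(label) > 63:
            return "label longer than 63 characters"
    return None

def summarize(log_text):
    """Count rejections per source IP and explain each rejected argument."""
    hits, reasons = Counter(), {}
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            hits[m.group(1)] += 1
            reasons[m.group(2).strip()] = helo_problem(m.group(2).strip())
    return hits, reasons

def repeaters(hits, threshold=3):
    """Hosts that kept retrying after the 5xx rejection."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    hits, reasons = summarize(SAMPLE_LOG)
    print(reasons, repeaters(hits))
```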