[ On Wednesday, March 17, 2004 at 16:02:00 (+0000), Tim Jackson wrote: ]
> Subject: Re: [Exim] acl_smtp_helo question
>
> I'm personally more inclined to do such HELO checks at the RCPT stage;

That really doesn't help anyone in the long run, least of all the poor
sod with the broken SMTP software and/or configuration. Eventually we
need to teach those people to fix their problems and not continue to
condone their use of broken crap.

> it
> gives the offender a chance to contact postmaster@yourdomain then,

That's a different issue. If you really want to allow broken and
drastically mis-configured and purposefully mis-behaving software to
still send mail to your postmaster mailbox then that's your choice, but
beware you'll be flooded with junk you don't want.

> plus
> causes less problems with hosts that retry excessively or otherwise react
> badly to 5xx's at HELO time.

That's also an entirely separate issue. You need to make sure you
configure your SMTP server to avoid this kind of abuse regardless of the
apparent "cause". Side-stepping valid protocol actions just to try to
work around this issue will _not_ guarantee to avoid the issue 100%.
You must use error rate limiting techniques to actively prevent the
abuser from causing real problems.

--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>