On Thu, 1 Apr 2004, Richard Welty wrote:
> On Tue, 30 Mar 2004 18:01:17 +0100 Bruce Richardson <itsbruce@???> wrote:
>
> > Rejecting on the helo parameter is useless, as many clients put junk in
> > there. In addition, rejecting on HELO can often mean that the remote
> > client, if it is an mta, repeatedly tries to resend.
>
> so reject on HELO at RCPT TO: time.
Absolutely. It's been said many times before. It optimises the
chances of getting rid of unwanted callers, while still leaving open
the possibility to get mail through to the postmaster if there's a
genuine problem (assuming your logic allows postmaster/abuse mail
through before applying these rules).
> i disagree that rejecting on HELO is useless.
Applying any *general* rejection rule on the HELO argument probably
-is- going to cause more problems than it solves. But, as you rightly
say, there are some heuristics that are well worth applying (until the
spammers finally wake up and stop doing them):
> reject hosts that claim to be me
> reject hosts that HELO with my IP
right
> reject host where the HELO parameter is out of conformance with the
> RFCs (it must be an FQDN or a IP in [] characters.)
You reject underscores? Brave man. We tried that, but weren't
allowed to maintain our position. Even the EU courts won't prevent
the dominant vendor from imposing its "industry standard" i.e Internet
non-standard.
Rejecting dollar signs, and strings of Korean etc. characters,
in that field has been quite a useful policy, though.
