Re: [Exim] exim fine-tuning

Author: Nigel Metheringham
Date:  
To: Exim users list
Subject: Re: [Exim] exim fine-tuning
On Mon, 2004-04-19 at 10:39, Alan J. Flavell wrote:
> 1) HELO domain matches one of our own domains


> Cases 1 and 2 are surprisingly widespread, considering that they
> appear to be a sure-fire indicator of abuse. It's a puzzle to me just
> why abusers would make themselves so obvious: what do they hope to
> gain from it? Is there -any- mailer where either of these options
> yields some positive benefit?


I've noticed that Thunderbird (separate MUA component from Mozilla) will
HELO with the domain part of the sending email account address. Now
this should only be talking to its local MTA/MSA. However it may be
worth being careful with this test - i.e. hold the reject to the MAIL
FROM: ACL and make that conditional on it not being authenticated...

    Nigel.
--
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
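
The suggestion in the message above, sketched as an Exim 4 configuration fragment. This is an added example, not part of the original message or of Exim's shipped configuration; the ACL name `acl_check_mail`, the `local_domains` list contents and the rejection text are assumptions.

```conf
# Added example. Assumed names: acl_check_mail, domainlist local_domains.
# example.org is a constructed sample domain; @ is the primary host name.

# --- main configuration section ---
domainlist local_domains = @ : example.org
acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:
  # AUTH is issued after EHLO/HELO, so an ACL run at HELO time cannot know
  # whether the client is going to authenticate. Doing the test here, at
  # MAIL FROM, means an MUA that HELOs with the domain of its own account
  # is let through once it has authenticated, while an unauthenticated
  # client claiming to be one of our own domains is refused.
  deny    message        = HELO name $sender_helo_name is one of our own domains
          !authenticated = *
          condition      = ${if match_domain{$sender_helo_name}{+local_domains}}

  accept
```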