On Di, Apr 20, 2004 at 01:42:29 -0700, Tor Slettnes <tor@???> wrote:
>
> On Apr 20, 2004, at 12:56, Franz Georg Köhler wrote:
> >On Di, Apr 20, 2004 at 07:45:31 +0200, Anand Buddhdev
> ><anand@???> wrote:
> >>domainlist local_domains = mysql;select distinct domain from users \
> >>where domain='$domain';
> >>
> >>I then use the named list "local_domains" in various tests in the RCPT
> >>ACL.
> >This is what I use:
> >
> > deny message = Invalid HELO ($sender_helo_name): Your name is
> >hard to believe.
> > hosts = !+relay_from_hosts
> > log_message = Forged HELO detected
> > condition = ${if eq
> >{${lc:$sender_helo_name}}{${lc:$domain}}{yes}{no}}
>
> That probably will not cut it in Anand's case, because it seems like he
> has a whole list of local domains. But maybe the following will (a
> simplified version of what I use):
Since SPAMers often use their target's domain as HELO, it catches a lot
of SPAM.