RE: [Exim] Viruses, and HELOs without dots

On Mon, 2004-08-02 at 14:33 +0100, Nigel Metheringham wrote:
> On Mon, 2004-08-02 at 14:27, Hochstrasser Benedikt wrote:
> > helo_verify verifies the sending host via reverse lookup (IP -> name);
> > if the name don't match -> sayonara.
> > Unfortunately, there are many sites who have a bunch of front-end
> > mailers (like mail1.domain.org, mail2.domain.org etc) who present
> > themselves as "mail.domain.org" but of course the reverse lookup will
> > fail. OTOH, each of these front-end mailers are registered MXes for that
> > domain so I can assume they're legit.
>
> Personally I don't consider HELO worth checking at all other than the
> common spam case (HELO is my name, or HELO is my IP)
>
> [... snipped ...]
> > That way we will a) catch all spammers (unless they're using a
> > registered relay) and b) still allow mail from all "legitimate" domains.
>
> You have just re-invented SPF except without the degree of thought and
> design that has gone into SPF.

he's actually just enforcing the requirements of the RFCs, except he has
an exception to allow for some common misconfigurations. I don't see
how you can say that RFC 2821 has had less thought and design going into
it than SPF.

> You could implement your policy using
> SPF but you need to be aware that until the whole internet is fully SPF
> compliant (probably never), you will lose mail through "false"
> positives.

the first step of SPF compliance is getting your DNS in order, as
required by RFC.

> How bloody minded you can afford to be on this depends on your
> environment.

indeed.

--
Kjetil T.