Re: [exim] Slightly wrong HELO

Author: Suresh Ramasubramanian
Date:  
To: Wakko Warner
CC: Exim User's Mailing List, John W. Baxter
Subject: Re: [exim] Slightly wrong HELO
On Thu, Dec 23, 2004 at 05:47:29PM -0500, Wakko Warner wrote:
>I've wondered something, about helo. I thought about locking each IP to the
>HELO they first used when they contact my system. If it changes, lock out
>the IP until the admin views it. I know of some who want to HELO as the
>domain they are sending from in a multi domain setup.


Multiple HELOs from an IP in a very short period of time can be a useful
indicator of a trojaned host or open proxy connected to the IP. Modulo of
course a lot of webhosting servers (especially those that run the popular
iMail MTA for Windows) that do this by design .. running several instances
on each IP bound to the machine so that the domains all helo as
"mail.domain.com" or whatever instead of "mail.actual-webhost.com".

    srs
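
The heuristic from the reply above, as an added example that is not part of the original message: it scans Exim main-log lines for IPs that present several distinct HELO names within a short window, with an allowlist for the hosting servers that do this by design. The log lines are constructed, and the 10-minute window, the threshold of 3 and the name `helo_churn` are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Exim main-log host field: H=(helo) [ip], H=rdns (helo) [ip] or H=rdns [ip]
HOST_RE = re.compile(r"\bH=(?:([^\s(]\S*) )?(?:\((\S+)\) )?\[([0-9a-fA-F.:]+)\]")

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
2004-12-23 17:40:01 1ChAAA-0000aa-01 <= a@example.org H=(mail.example.org) [192.0.2.10] P=esmtp S=1200
2004-12-23 17:40:20 1ChAAB-0000ab-02 <= b@example.net H=(kx3v9q) [198.51.100.7] P=smtp S=900
2004-12-23 17:40:41 1ChAAC-0000ac-03 <= c@example.net H=(smtp.example.com) [198.51.100.7] P=smtp S=950
2004-12-23 17:41:05 1ChAAD-0000ad-04 <= d@example.net H=(localhost) [198.51.100.7] P=smtp S=910
2004-12-23 17:41:30 1ChAAE-0000ae-05 <= e@example.com H=(mail.shop-a.example) [203.0.113.5] P=esmtp S=2000
2004-12-23 17:42:00 1ChAAF-0000af-06 <= f@example.com H=(mail.shop-b.example) [203.0.113.5] P=esmtp S=2100
2004-12-23 17:42:30 1ChAAG-0000ag-07 <= g@example.com H=(mail.shop-c.example) [203.0.113.5] P=esmtp S=2200
2004-12-23 19:00:00 1ChAAH-0000ah-08 <= h@example.org H=mx.example.org (mail2.example.org) [192.0.2.10] P=esmtp S=1300
"""

def helo_churn(lines, window=timedelta(minutes=10), threshold=3, allow=()):
    """Return {ip: sorted HELO names} for IPs that used at least `threshold`
    distinct HELO names within `window`. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> (timestamp, helo) pairs inside the window
    flagged = {}
    for line in lines:
        m = HOST_RE.search(line)
        if not m:
            continue
        rdns, helo, ip = m.groups()
        if ip in allow:           # multi-domain hosts known to vary HELO by design
            continue
        try:
            ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        name = (helo or rdns or "").lower()  # Exim omits (helo) when it equals rdns
        q = recent[ip]
        q.append((ts, name))
        while ts - q[0][0] > window:         # drop entries older than the window
            q.popleft()
        names = {h for _, h in q}
        if len(names) >= threshold:
            flagged.setdefault(ip, set()).update(names)
    return {ip: sorted(n) for ip, n in flagged.items()}

if __name__ == "__main__":
    for ip, names in helo_churn(SAMPLE_LOG.splitlines(), allow={"203.0.113.5"}).items():
        print(ip, names)
```

Without the allowlist the constructed hosting server at 203.0.113.5 is flagged alongside 198.51.100.7, which is the false positive the reply warns about.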