Steffen Heil wrote:
> So, how do you do helo check? Or, are you doing them at all?
> What is regarded as "good practice" ?
I'm doing the following HELO checks in my rcpt acl.
Some of these come from Tor's spam filtering document.
http://slett.net/spam-filtering-for-mx/
#########################################################
# Hello Checks
#########################################################
# Deny servers that don't introduce themselves
deny message = HELO/EHLO required by SMTP RFC
condition= ${if eq{$sender_helo_name}{}{yes}{no}}
# If the remote host greets with an IP address, then reject the mail.
deny
message = IP HELO/EHLO not allowed here. Use a FQDN.
log_message = remote host used IP address in HELO/EHLO greeting
condition = ${if isip {$sender_helo_name}{true}{false}}
# Likewise if the peer greets with one of our own names
deny
message = Sorry, that domain belongs to us. Get your own.
log_message = remote host used our name in HELO/EHLO greeting.
condition = ${if match_domain{$sender_helo_name}\
{$primary_hostname:+local_domains:+relay_to_domains}\
{true}{false}}
# If HELO verification fails, we add a X-HELO-Warning: header in
# the message.
warn
message = X-HELO-Warning: Remote host $sender_host_address \
${if def:sender_host_name {($sender_host_name) }}\
incorrectly presented itself as $sender_helo_name
log_message = remote host presented unverifiable HELO/EHLO greeting.
!verify = helo
Steven
---
Steven Dickenson <sdickenson@???>
Computer Network Manager
The Key School, Annapolis Maryland
