Re: [exim] Are we being harsh

Author: Tony Finch
Date:  
To: Ron McKeating
CC: Exim-Users (E-mail)
Subject: Re: [exim] Are we being harsh
On Mon, 4 Apr 2005, Ron McKeating wrote:

> We have a complaint because we rejected an email that looked like a
> forged hello, here is our log entry
>
> 2005-04-02 16:02:44 H=mail1.gov.im (KEWAIGUE.mailsec) [217.23.170.232]
> rejected EHLO or HELO kewaigue.mailsec: Forged HELO: constructed by
> viruses KEWAIGUE.mailsec


You are being unusually strict so I'm not surprised that it's causing
trouble. Although there's a lot of mileage in HELO heuristics, there's also
a very high probability of false positives the more clever you try to be.
It would probably be better to implement this kind of test as a
SpamAssassin rule.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
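
Added example, not part of the original message and not the poster's ACL or SpamAssassin's own rules: a sketch of the scoring approach suggested above, in which HELO heuristics add points toward a threshold instead of rejecting on their own. The rule names, weights and the `other_score` parameter are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# Log line quoted in the message above, re-joined from the wrapped archive text.
LOG_LINE = ("2005-04-02 16:02:44 H=mail1.gov.im (KEWAIGUE.mailsec) [217.23.170.232] "
            "rejected EHLO or HELO kewaigue.mailsec: Forged HELO: constructed by "
            "viruses KEWAIGUE.mailsec")

# Exim logs "H=<verified name> (<HELO name>) [<ip>]"; either name may be absent.
HOST_RE = re.compile(
    r"H=(?P<rdns>[^\s(\[]+)? ?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]")

def parse_host(line):
    m = HOST_RE.search(line)
    if not m:
        return None
    rdns = m.group("rdns")
    # When the HELO name equals the verified name, Exim logs it only once.
    return {"rdns": rdns, "helo": m.group("helo") or rdns or "", "ip": m.group("ip")}

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

# Hypothetical rules and weights (constructed for this example).
RULES = [
    ("HELO_UNQUALIFIED", 1.5, lambda h: "." not in h["helo"]),
    ("HELO_BARE_IP", 2.0, lambda h: is_ip(h["helo"])),
    ("HELO_NE_RDNS", 0.5,
     lambda h: h["rdns"] is not None and h["helo"].lower() != h["rdns"].lower()),
    ("NO_RDNS", 1.0, lambda h: h["rdns"] is None),
]
REQUIRED_SCORE = 5.0  # same value as SpamAssassin's default required_score

def verdict(line, other_score=0.0):
    """Return (action, total, hit names); other_score stands for non-HELO rules."""
    host = parse_host(line)
    if host is None:
        return ("accept", other_score, [])
    hits = [(name, pts) for name, pts, test in RULES if test(host)]
    total = other_score + sum(pts for _, pts in hits)
    return ("reject" if total >= REQUIRED_SCORE else "accept",
            total, [name for name, _ in hits])

if __name__ == "__main__":
    print(verdict(LOG_LINE))
```

Under these weights the connection from the quoted log line collects only the HELO/rDNS mismatch points and is accepted; a HELO signal tips the result to a reject only when other rules have already contributed.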