On 20 May 2005 at 12:37, Dickenson, Steven wrote about
"RE: [exim] Bogus HELOs":
| Jakob Hirsch wrote:
| > I treat EHLO data as totally meaningless, so I don't care about it.
| > After all, I don't want to lose mail because of such a thing.
|
| I agree with you, for the most part. However, I do feel it's worthwhile
| to reject mail from servers that HELO/EHLO with my own name.
And even more worthwhile if they HELO with your own IP address.
About 2/3 of my spoofed server rejections are for my public IP
address (sent as a domain name, not in IP literal notation), only
about 1/3 use one of my server names.
| Over the
| last year I've never had a false positive on this.
ISTM false positives are not possible, by definition. The only case
I can imagine is a misconfigured road warrior or telecomuter machine,
and I'll happily deal with that if it arises.
- Fred