Re: [exim] denying my IP in helo, easy retry for spammers?

Author: Richard Clayton
Date:  
To: exim-users
Subject: Re: [exim] denying my IP in helo, easy retry for spammers?
In message <20050831233553.GA589@???>, Wakko Warner
<wakko@???> writes

>Please keep me in CC


many of the regular list posters feel otherwise ... it's much simpler to
just live with what happens

        http://www.exim.org/eximwiki/MailingListEtiquette


there's always the list archives on the web if you miss things

>> BTW you'd need to time out entries over some sort of fairly short period
>> to avoid being caught out by ISPs renaming their cluster machines... :)
>
>I hadn't thought of this; however, how often does it happen?


on the planet, regularly; to you, seldom

> I'd say if an
>ISP did this, they would notice rather quickly.


they'd know they'd done it... you must mean that _you'd_ notice. Yes,
you'd have rejected some email that you now regret never receiving

that's why making firm decisions on heuristics is problematic; and if
you must do it you need to be as flexible and responsive as possible

>An alternative would be to
>bypass this check if the HELO resolves to the connecting IP. I've seen spam
>with an HELO of the hostname of the zombie according to DNS so that wouldn't
>work all that well either.


it would work poorly -- I regularly see more accurate HELOs from malware
than from the customer's own mailing system :(

That said, there is a lot of malware that doesn't even try to get it
right -- but overall I think this would be a poor heuristic.

In fact, if the malware gets the HELO right and the customer gets it
wrong then when you received email from both instantiations of this IP
address (as might well be the case for malware raiding address books)
you'd make absolutely the reverse of the correct decision :(

>If just everyone had a router and a private IP, it
>would be much easier to block based on this.


Fantasize as you wish; I deal in the real world :)

-- 
richard                                              Richard Clayton


They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin