RE: [exim] Q: ACL HELO name checks (This time w/ a subject l…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Fred Viles
Fecha:  
A: exim-users
Asunto: RE: [exim] Q: ACL HELO name checks (This time w/ a subject line!)
On 5 Oct 2005 at 14:22, Herb Martin wrote about
    "RE: [exim] Q: ACL HELO name checks ":


| > -----Original Message-----
| > From: exim-users-bounces@???
| > [mailto:exim-users-bounces@exim.org] On Behalf Of Michael Peek

|...
| > Is there a rule in the SMTP protocol that says the HELO name
| > has to match the remote sender's hostname/address in some way?
|
| Not really.


Well, if this doesn't draw fire from Greg Woods, I think we can
safely conclude he isn't lurking on this list anymore! Here's
hoping...

| > Maybe I should just chuck it out the window?


I'm with Michael, I also have the same HELO rejection criteria as he
does, and I inject a 40s delay (after RCPT TO:) if the HELO name
can't be verified (and it's not an authenticated session). For this,
verify = helo is useful.

However, I do an rDNS check to reject HELOs with a few commonly
forged domains (hotmail, yahoo, aol, etc) where it is known that
legitimate mail comes from servers with appropriate PTR names. That
seems quite reliable, but it has to be monitored in case one of the
domains starts sending via a server whose PTR name violates the
assumption.

| Or use it to drive greylisting rather than the
| simple rejection.


By all accounts that's very effective, but I haven't bothered for my
small domain.

- Fred