Re: [exim-dev] HELO cache

Author: Simon Arlott
Date:  
To: exim-dev
Subject: Re: [exim-dev] HELO cache
On 22/07/06 21:37, Jakob Hirsch wrote:
> Quoting Simon Arlott:
>
>> Someone might find this useful, it tracks the most recent unique HELO
>> names used per IP and the times they were last used - spam zombies
>> become very obvious with this information.
>
> Nice idea. I didn't look at the code, but at first glance I'd say the
> same could already be done with Exim's builtin functions and some
> database backend (e.g. sqlite as a simple one).
>
>


It could, but then you'd miss the completely bogus HELO names that fail syntactic checks:

2006-07-07 02:58:45 rejected HELO from [221.202.166.166]:4560: syntactically invalid argument(s): \274\315\327\334
2006-07-07 02:58:48 H=(1aek.viyeyef1.ameritech.net) [221.202.166.166]:4694 F=<Charley.Grant@???> rejected RCPT <*@*>: dnslist xbl.spamhaus.org/221.202.166.166

--
Simon Arlott
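
Added example, not part of the original message and not the code posted to the list: a log-side sketch of the same idea, keeping the most recent unique HELO names per IP with their last-used times and including arguments that Exim rejected as syntactically invalid. The cache size, the threshold, the assumed `H=host (name) [ip]` log variant and the two extra sample lines are assumptions made for illustration.

```python
import re
from collections import OrderedDict, defaultdict

# Constructed sample input: the first two lines are the ones quoted in the
# message above; the last two are invented (192.0.2.10 is a documentation address).
SAMPLE_LOG = r"""2006-07-07 02:58:45 rejected HELO from [221.202.166.166]:4560: syntactically invalid argument(s): \274\315\327\334
2006-07-07 02:58:48 H=(1aek.viyeyef1.ameritech.net) [221.202.166.166]:4694 F=<Charley.Grant@???> rejected RCPT <*@*>: dnslist xbl.spamhaus.org/221.202.166.166
2006-07-07 03:10:02 H=(mail.example.org) [192.0.2.10]:2501 F=<a@example.org> rejected RCPT <b@example.net>: relay not permitted
2006-07-07 03:15:40 H=(mail.example.org) [192.0.2.10]:2502 F=<a@example.org> rejected RCPT <c@example.net>: relay not permitted
"""

# HELO/EHLO arguments refused on syntax; these never show up as H=(...).
BAD_HELO = re.compile(r"^(\S+ \S+) rejected (?:HELO|EHLO) from \[([^\]]+)\](?::\d+)?: "
                      r"syntactically invalid argument\(s\): (.*)$")
# Accepted HELO names: H=(name) [ip], or (assumed variant) H=host (name) [ip].
GOOD_HELO = re.compile(r"^(\S+ \S+) .*?\bH=(?:\S+ )?\(([^)]*)\) \[([^\]]+)\]")

MAX_NAMES = 8  # hypothetical per-IP cache size

def build_cache(log_text, max_names=MAX_NAMES):
    """Map IP -> OrderedDict(HELO name -> last-seen timestamp), oldest first."""
    cache = defaultdict(OrderedDict)
    for line in log_text.splitlines():
        m = BAD_HELO.match(line)
        if m:
            when, ip, name = m.groups()
        else:
            m = GOOD_HELO.match(line)
            if not m:
                continue
            when, name, ip = m.groups()
        names = cache[ip]
        names[name] = when             # refresh the last-used time
        names.move_to_end(name)        # most recently used name goes last
        while len(names) > max_names:
            names.popitem(last=False)  # evict the least recently used name
    return cache

def suspicious(cache, min_names=2):
    """IPs that presented at least min_names distinct HELO names (hypothetical threshold)."""
    return sorted(ip for ip, names in cache.items() if len(names) >= min_names)

if __name__ == "__main__":
    cache = build_cache(SAMPLE_LOG)
    for ip in suspicious(cache):
        print(ip, dict(cache[ip]))
```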