Re: [exim] Hostnames

Author: Renaud Allard
Date:  
To: Steffen Heil
CC: 'Exim Maillist'
Subject: Re: [exim] Hostnames


Steffen Heil wrote:
> Hi
>
> Is there a valid reason for a mail server to connect to my mailserver from
> the same ip with different hostnames (as told in helo/ehlo)?
> I am thinking about blacklisting ips that tell me more than 3 hostnames from
> the same ip within less than 24 hours for about a week.
>
> Every legal mailserver I know always connects using the same helo name.
> But a lot of spammers connect multiple times using different helo names from
> the same ip.
>
> Any thoughts on this?
>
> Regards,
> Steffen
>


I have set some rules that store helo names in a MySQL database and I
used it to block sites when the helo domain (only the domain part)
changed within small time intervals. However, it seems that some (many?)
legit mailservers behave this way. So I would advise you against doing
this. Changing the helo for the same IP is a very bad idea IMHO, but
blocking on this only will reject legit mails.
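
The check discussed in this thread, as an added example that is not part of either post: it counts distinct HELO names per IP in a 24-hour sliding window and returns the offenders for review instead of blocking them. The log lines are constructed and simplified from the `H=` field of Exim main-log lines, and `helo_domain` is a naive last-two-labels helper; both are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, simplified from the H= field of Exim main-log lines.
SAMPLE_LOG = """\
2024-05-01 08:00:00 H=(mail.a.example) [192.0.2.10]
2024-05-01 08:20:00 H=(smtp.b.example) [192.0.2.10]
2024-05-01 09:00:00 H=mx1.bigmail.example [198.51.100.7]
2024-05-01 09:05:00 H=(host.c.example) [192.0.2.10]
2024-05-01 09:30:00 H=out.bigmail.example (mx2.bigmail.example) [198.51.100.7]
2024-05-01 10:00:00 H=(relay.d.example) [192.0.2.10]
2024-05-01 11:00:00 H=(mx3.bigmail.example) [198.51.100.7]
2024-05-01 12:00:00 H=(mx4.bigmail.example) [198.51.100.7]
2024-05-01 13:00:00 H=(one.e.example) [203.0.113.5]
2024-05-02 01:00:00 H=(two.f.example) [203.0.113.5]
2024-05-02 14:00:00 H=(three.g.example) [203.0.113.5]
2024-05-03 03:00:00 H=(four.h.example) [203.0.113.5]
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?H=(?:([^\s(\[]+) )?"
                     r"(?:\(([^)]+)\) )?\[([^\]]+)\]")

def helo_domain(name):
    """Naive 'domain part': the last two labels, no public-suffix handling."""
    return ".".join(name.rstrip(".").split(".")[-2:])

def flag_helo_churn(log_text, max_names=3, window=timedelta(hours=24),
                    domain_only=False):
    """Map each IP that used more than max_names distinct HELO names
    inside one sliding window to the sorted names seen when it tripped."""
    recent = defaultdict(deque)  # ip -> (timestamp, name), oldest first
    flagged = {}
    for line in log_text.splitlines():  # lines are assumed chronological
        m = LINE_RE.match(line)
        name = (m.group(3) or m.group(2) or "").lower() if m else ""
        if not name:
            continue  # unparsable line or no HELO name recorded
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        name = helo_domain(name) if domain_only else name
        q = recent[m.group(4)]
        q.append((ts, name))
        while q and ts - q[0][0] >= window:  # expire entries past the window
            q.popleft()
        names = {n for _, n in q}
        if len(names) > max_names:
            flagged[m.group(4)] = sorted(names)
    return flagged
```

On the sample, the full-name comparison also flags 198.51.100.7, whose four names share one domain, while `domain_only=True` flags only 192.0.2.10; 203.0.113.5 uses four names but never more than two within 24 hours.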