Renaud Allard wrote: > I have set some rules that stores helo names in a mysql database and I
> used it to block sites when the helo domain (only the domain part)
> changed within small time intervals. However, it seems that some (many?)
> legit mailservers behave this way. So I would advise you against doing
> this. Changing the helo for the same IP is a very bad idea IMHO, but
> blocking on this only will reject legit mails.
I have considered this myself, but have not done so. One thought comes to
mind. If the HELO is different, why not verify it? If you have a host that
is legit doing this, the A record of the HELO should match the IP and you
could allow that to pass. Most of the HELOs that I have seen are more of
the form of the PC name with a random domain tacked on which is more than
likely not resolvable. The reason I have not persued this is because other
tests I do always block the message.
--
Lab tests show that use of micro$oft causes cancer in lab animals
Got Gas???