Wakko Warner wrote:
> Renaud Allard wrote:
>> I have set some rules that store helo names in a mysql database and I
>> used it to block sites when the helo domain (only the domain part)
>> changed within small time intervals. However, it seems that some (many?)
>> legit mailservers behave this way. So I would advise you against doing
>> this. Changing the helo for the same IP is a very bad idea IMHO, but
>> blocking on this only will reject legit mails.
>
> I have considered this myself, but have not done so. One thought comes to
> mind. If the HELO is different, why not verify it? If you have a host that
> is legit doing this, the A record of the HELO should match the IP and you
> could allow that to pass. Most of the HELOs that I have seen are more of
> the form of the PC name with a random domain tacked on which is more than
> likely not resolvable. The reason I have not pursued this is because other
> tests I do always block the message.
>
You could still test such an ACL with the domain verification to make
some stats on this. It may be a good idea.
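
The statistics run suggested in this thread, sketched as an added example (not code from either poster): it counts how often an IP changes the domain part of its HELO within a short interval, and how many of those changes still pass the A-record check. The function names, the 300-second window, the "drop the first label" domain heuristic and the `SAMPLE_DNS` table standing in for real DNS lookups are all assumptions; the log entries are constructed.

```python
from collections import Counter

# Constructed forward-DNS data (HELO name -> A records); stands in for a resolver.
SAMPLE_DNS = {
    "mx1.example.org": {"192.0.2.10"},
    "relay.example.net": {"192.0.2.10"},
    "mail.example.net": {"198.51.100.7"},
}

# Constructed connection log: (unix time, client IP, HELO name).
SAMPLE_LOG = [
    (1000, "192.0.2.10", "mx1.example.org"),
    (1060, "192.0.2.10", "relay.example.net"),       # new domain, A record matches
    (2000, "203.0.113.5", "desktop-a1.example.com"),
    (2030, "203.0.113.5", "desktop-a1.example.test"),  # new domain, unresolvable
    (3000, "198.51.100.7", "mail.example.net"),
    (3100, "198.51.100.7", "mail.example.net"),      # same HELO again
    (9000, "203.0.113.5", "desktop-a1.example.org"),  # change outside the window
]

def helo_domain(helo):
    """Domain part of a HELO name: drop the first label when there are 3 or more."""
    labels = helo.lower().rstrip(".").split(".")
    return ".".join(labels[1:]) if len(labels) > 2 else ".".join(labels)

def helo_matches_ip(helo, ip, dns):
    """True when one of the HELO name's A records equals the connecting IP."""
    return ip in dns.get(helo.lower().rstrip("."), set())

def collect_stats(log, dns, window=300):
    """Classify each connection without rejecting anything (stats only)."""
    last_seen = {}  # client IP -> (time, HELO domain) of its previous connection
    stats = Counter()
    for ts, ip, helo in sorted(log):
        domain = helo_domain(helo)
        prev = last_seen.get(ip)
        last_seen[ip] = (ts, domain)
        if prev is None or prev[1] == domain or ts - prev[0] > window:
            stats["no_recent_change"] += 1
        elif helo_matches_ip(helo, ip, dns):
            stats["changed_but_verified"] += 1   # legit hosts that rotate HELO
        else:
            stats["changed_unverified"] += 1     # candidates for blocking
    return stats

if __name__ == "__main__":
    print(dict(collect_stats(SAMPLE_LOG, SAMPLE_DNS)))
```

The ratio of `changed_but_verified` to `changed_unverified` over real traffic indicates how many legitimate senders a block on HELO changes alone would reject.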