Re: [exim] A riddle: What HELO/EHLO does remote host send?

Author: Dennis Davis
Date:  
To: exim-users
Subject: Re: [exim] A riddle: What HELO/EHLO does remote host send?
On Fri, 2 Feb 2007, Peter Bowyer wrote:

> From: Peter Bowyer <peter@???>
> To: Exim users mailing list <exim-users@???>
> Date: Fri, 2 Feb 2007 12:45:51 +0000
> Subject: Re: [exim] A riddle: What HELO/EHLO does remote host send?


...

> Since your HELO ACL rejected the HELO, and the client didn't send
> another one, $sender_helo_name is subsequently blank. A rejection
> of the HELO simply causes the transaction to continue as though no
> HELO had been received.
>
> HELO rejection is generally better done at RCPT time, for this
> reason amongst others.


And is a cheap and effective way of getting rid of suspect
connections. My mail servers don't like HELO greetings that say the
connection is:

(1) The mail server, name or IP address.
(2) A domain handled by the mail server.
(3) Something that doesn't look like a FQDN.
(4) A selection of names, eg "localhost.localdomain".

It's effective. Among yesterday's top 50 mail rejection reasons were:

  Messages   Mail rejection reason
     10102   Rejected RCPT: invalid HELO syntax localhost
       921   Rejected RCPT: bad HELO name localhost.localdomain
       405   Rejected RCPT: imposter 138.38.32.23
       214   Rejected RCPT: imposter coppi.bath.ac.uk
       186   Rejected RCPT: Charlatan, how can you be bath.ac.uk?
        71   Rejected RCPT: Charlatan, how can you be ukoln.ac.uk?
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@???               Phone: +44 1225 386101
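
The four HELO checks listed in the message above, evaluated at the point where the RCPT decision is made and tallied like the table, as an added Python example that is not part of the original post and is not Exim configuration. The server name, IP address, domain lists and sample HELO values are constructed, and accepting a bracketed address literal that is not the server's own is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Constructed server identity and name lists (assumptions, not from the post).
SERVER_NAMES = {"mx.example.org"}
SERVER_IPS = {ipaddress.ip_address("192.0.2.10")}
LOCAL_DOMAINS = {"example.org", "example.net"}
BAD_NAMES = {"localhost.localdomain"}
# Constructed HELO arguments, as a server might have recorded them.
SAMPLE = ["localhost"] * 3 + ["localhost.localdomain", "192.0.2.10",
          "mx.example.org", "example.org", "mail.example.com", "[198.51.100.7]"]
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def helo_reject_reason(helo):
    """Return the rejection reason for a HELO/EHLO argument, or None to accept."""
    name = (helo or "").strip().lower().rstrip(".")
    bracketed = name.startswith("[") and name.endswith("]")
    literal = name[1:-1].removeprefix("ipv6:") if bracketed else name
    try:
        ip = ipaddress.ip_address(literal)
    except ValueError:
        ip = None
    # (1) The client claims to be this server, by name or by IP address.
    if name in SERVER_NAMES or ip in SERVER_IPS:
        return f"imposter {name}"
    # (2) The client claims to be a domain this server handles.
    if name in LOCAL_DOMAINS:
        return f"Charlatan, how can you be {name}?"
    # (4) Names on the explicit deny list.
    if name in BAD_NAMES:
        return f"bad HELO name {name}"
    # A bracketed address literal that is not ours is accepted (assumption).
    if bracketed and ip is not None:
        return None
    # (3) Not FQDN-shaped: bare IP, empty, single label, or illegal characters.
    labels = name.split(".")
    if ip is not None or len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        return f"invalid HELO syntax {name}"
    return None


def tally(helo_names):
    """Count rejection reasons, most frequent first, like the table above."""
    reasons = (helo_reject_reason(h) for h in helo_names)
    return Counter(r for r in reasons if r).most_common()
```

Because the function returns a reason instead of acting on it, the caller can record the verdict when the greeting arrives and apply it at RCPT time, which is the ordering the quoted advice recommends.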