Re: [exim] Spam with IP like HELO

Author: Renaud Allard
Date:  
To: exim-users
Subject: Re: [exim] Spam with IP like HELO


Kjetil Torgrim Homme wrote:
> On Thu, 2007-05-03 at 00:46 +0200, Renaud Allard wrote:
>> I am receiving a bunch of stock spams (mostly in German). Their common
>> property seems to be a helo like [ip.add.re.ss].
>> I am thinking about an ACL like this one:
>>         warn
>>         condition       = ${if match{$sender_helo_name}{\N(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\N}{yes}{no}}
>>         set acl_c1      = IP in HELO
>>         set acl_c0      = Please set up a meaningful name in your HELO (i.e. not containing an IP).
>>
>>
>> (with acl_c1 and acl_c0 set, the mail is rejected after rcpt in my config)
>>
>> What do you think? An IP between [] delimiters is "legal" in RFC 2821,
>> however I don't think many legit servers are using this kind of
>> configuration.
>
> I think it's a bit funny to accept "HELO foo.com" but reject a valid IP
> literal. However, if there is a mismatch between the HELO literal and
> $sender_host_address, junking it is quite legitimate, IMO.
>


As mentioned, the spammers will have the right literal HELO because it's
in their interest. I think this is just like IP literals for receiving
mails; it is mainly used for abuse.
How many people still support postmaster@[your.ip.addr.ess] nowadays?
One has to wonder.
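
The two checks discussed in this thread, side by side, as an added example that is not part of the original messages or of Exim: the unanchored octet pattern from the quoted ACL, and the comparison of a bracketed HELO literal against the connecting address. The function names and sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re

# Octet pattern from the ACL in the thread. Exim's \N...\N only disables string
# expansion, so the regex itself is unchanged. It is unanchored: it matches anywhere.
OCTET = r"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
POSTED_RE = re.compile(r"\.".join([OCTET] * 4))

def parse_literal(helo):
    """Return the address inside an RFC 2821 address literal, or None."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return None
    body = helo[1:-1]
    try:
        if body.lower().startswith("ipv6:"):
            return ipaddress.IPv6Address(body[5:])
        return ipaddress.IPv4Address(body)
    except ValueError:
        return None

def classify(helo, peer):
    """Classify a HELO argument against the connecting peer address."""
    literal = parse_literal(helo)
    if literal is not None:
        same = literal == ipaddress.ip_address(peer)
        return "literal-match" if same else "literal-mismatch"
    if helo.startswith("["):
        return "malformed-literal"
    try:
        ipaddress.ip_address(helo)
        return "bare-ip"  # an address without brackets is not valid HELO syntax
    except ValueError:
        pass
    return "name-with-ip" if POSTED_RE.search(helo) else "name"

# Constructed samples (documentation address ranges): (HELO argument, peer address)
SAMPLES = [
    ("[192.0.2.10]", "192.0.2.10"),
    ("[192.0.2.10]", "198.51.100.7"),
    ("192.0.2.10", "192.0.2.10"),
    ("mail-192.0.2.10.example.net", "192.0.2.10"),
    ("[IPv6:2001:db8::1]", "2001:db8::1"),
    ("mx.example.org", "203.0.113.5"),
]

if __name__ == "__main__":
    for helo, peer in SAMPLES:
        hit = bool(POSTED_RE.search(helo))
        print(f"{helo:30} posted_regex={hit!s:5} class={classify(helo, peer)}")
```

The posted pattern fires on the first four samples alike, including the hostname that merely embeds an address, and misses the IPv6 literal; the classifier separates those cases so each can be given its own policy.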