Re: [exim] HELO/EHLO reject rates

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M--+\Jan Doberstein at <-
M+\MMDarton Williams at ->
Delete this message
Reply to this message
Author: Renaud Allard
Date:  
To: ROGERS Richard
CC: exim-users
Subject: Re: [exim] HELO/EHLO reject rates


ROGERS Richard wrote:
> Interesting observation. Unfortunately I don't keep historical data for
> individual rejection reasons (possibly I should), but my feeling (and
> it's only that) is that there has been an increase in the use of domain
> literals as HELO/EHLO strings. Although (AFAIK) these are perfectly
> legal, we now reject mail where the HELO/EHLO string is a domain literal
> of the sending IP address AND there is no rDNS for the sending IP
> address.
>
> We also reject where the HELO/EHLO string is a single word (i.e. no "."
> in it, so it can't be a FQDN or domain literal) AND there is no rDNS on
> the sending IP.
>
> No complaints about either of these so far (they probably count for
> upwards of 5% of all rejections, despite being fairly late in the
> sequence of tests).
>
> I'd love to reject wherever there is no rDNS, but I think there would be
> too many false positives involved. (I know that some here take the view
> that this is not a false positive, but our users are likely to regard a
> message that is not spam, and does not originate from a known source of
> spam, as one that should be delivered). That's not to say it can't be
> given a score in SpamAssassin though.
>

Many ISPs put generic reverse DNS on their IP range. So I prefer to reject when
the HELO is a single word whatever there is a RDNS or not.
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Fwd: 250-8BITMIME questionRe: [exim] block domain SPF with v=spf1 +all->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)