> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of John Buysse
> Sent: vrijdag 25 maart 2005 20:53
> To: mimedefang@lists.roaringpenguin.com
> Subject: Re: [Mimedefang] OT: New Sendmail spam block
>
>
> I am with one of the universities Ben is dealing with. I was quoting
> RFC 2821, not RFC 821. We are not rejecting messages with an invalid
> HELO command based on RFC 1123, as we are not verifying the the info
> provided. We are rejecting messages with an invalid HELO
> command based RFC 2821.
Then I would say you are doing a good thing. I do the same. :)
> If a remote server uses one of our IP's in the HELO
> command, our servers will reject the message.
I also reject on every HELO name which is in class=w (sendmail), but
connects with the wrong IP (including, but not limited, to addresses which
resolve to 'localhost', but are not from 127.*). Very effective, too. A
lot of spammers seem to think that you will somehow give them a
passepartout if only they use your hostname for HELO. ;) That logic has
always escaped me; for even if I were not monitoring HELO names,
connecting with such faked, local HELO names means absolutely nothing to
sendmail, in terms of giving out extra credit. All a spammer really does
that way, is unequivocally announce and confirm his own status as a
bonafide spammer.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
