I have the following helo restriction in a pcre file:
!/[[:alpha:]]/ REJECT helo non-alpha helo not allowed
I ran it with WARN for quite a while and didn't see any legitimate
messages that hit it, so I moved it to REJECT. However, my mailserver
is starting to see more traffic now than it used to, and more varied.
I had to remove my CIDR blocks on China and South Korea, for example.
True, most of that mail still hits zen or fails to pass greylisting,
but where there used to be -zero- legit mail from those countries, now
there's a little.
So I thought I'd see if anyone else thought that a helo in the form
[12.34.56.789] SHOULD be allowed. I mean, as far as I recall, this is
still technically allowed, right?
I've thought about simply going back to warn, but when I first
implemented this check it hit a few dozen a day, and now it hits many
hundreds, so searching for legitimate messages among the warnings will
be considerably harder.
My complete helo_checks.pcre looks like this:
!/[[:alpha:]]/ REJECT helo non-alpha helo not allowed to talk to me
!/\.[[:alpha:]]{2,}$/ REJECT helo no TLD, invalid hostname
# Block localhost (unusual in HELO)
/^localhost(\.localdomain)?$/ REJECT helo Unacceptable hostname in helo
/^unknown$/ REJECT helo No unknown hostnames
/^75\.148\.117\.93/ REJECT helo Don't Spoof My IP
/^\[75\.148\.117\.93\]/ REJECT helo Don't Spoof My IP
/^covisp\.net$/ REJECT helo Don't spoof my hostname
/^southgaylord\.com$/ REJECT helo Don't spoof my hostname
/^kreme\.com$/ REJECT helo Don't spoof my hostname
/^example\.com$/ REJECT helo Don't spoof my hostname
/^example\.net$/ REJECT helo Don't spoof my hostname
/\.(dsl|adsl|pool|dynamic|user|hsd|dyn|dial)/ REJECT helo Dynamic . addresses not allowed
/^(dsl|adsl|pool|dynamic|user|hsd|dyn|dial)/ REJECT helo Dynamic ^ addresses not allowed
--
Cogito cogito, ergo cogito sum, cogito
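
An added example, not part of the original post: RFC 5321 permits an address literal as the HELO/EHLO argument, and this Python harness replays a subset of the rules above with first-match-wins ordering to show which line each HELO name hits. Assumptions: Python's re stands in for PCRE (so [A-Za-z] replaces [[:alpha:]]), matching is case-insensitive as in Postfix pcre tables by default, the LITERAL_OK ordering is a hypothetical variant, and all sample HELO names are constructed.

```python
import re

ALPHA = "[A-Za-z]"  # stand-in for PCRE's [[:alpha:]], which Python's re lacks
DYN = "(dsl|adsl|pool|dynamic|user|hsd|dyn|dial)"

# (negated, pattern, action) in file order; a subset of the rules in the post.
RULES = [
    (True,  ALPHA, "REJECT helo non-alpha helo not allowed"),
    (True,  r"\." + ALPHA + r"{2,}$", "REJECT helo no TLD, invalid hostname"),
    (False, r"^localhost(\.localdomain)?$", "REJECT helo Unacceptable hostname in helo"),
    (False, r"^unknown$", "REJECT helo No unknown hostnames"),
    (False, r"^\[75\.148\.117\.93\]", "REJECT helo Don't Spoof My IP"),
    (False, r"\." + DYN, "REJECT helo Dynamic . addresses not allowed"),
    (False, "^" + DYN, "REJECT helo Dynamic ^ addresses not allowed"),
]

# Hypothetical variant (an assumption, not the poster's file): keep the
# spoof check first, then let other IPv4 literals fall through with DUNNO.
LITERAL_OK = [
    RULES[4],
    (False, r"^\[[0-9]{1,3}(\.[0-9]{1,3}){3}\]$", "DUNNO"),
] + RULES


def lookup(helo, rules=RULES):
    """Return the action of the first matching line; !/re/ matches when re does not."""
    for negated, pattern, action in rules:
        hit = re.search(pattern, helo, re.IGNORECASE) is not None
        if hit != negated:
            return action
    return None  # no line matched: Postfix moves on to the next restriction


# Constructed sample HELO names (documentation addresses and domains).
SAMPLES = ["[192.0.2.25]", "[IPv6:2001:db8::1]", "mail.example.org",
           "mailhost", "[75.148.117.93]", "dsl-1-2-3.example.org", "192.0.2.25"]

if __name__ == "__main__":
    for helo in SAMPLES:
        print(f"{helo:24} {lookup(helo)!s:44} {lookup(helo, LITERAL_OK)}")
```

With the original ordering the bracketed spoof check is never reached, because the non-alpha rule matches first, and an IPv6 literal passes the non-alpha rule only to be rejected by the TLD rule.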