>> We use a modified version as a HELO blacklist. This avoids the false
>> positives we saw while testing it as a reverse DNS restriction but,
>> because the use of the reverse hostname as the HELO string is a
>> common pattern in spam attempts from compromised hosts, it's still
>> very effective.
>>
>> It's a 'check_helo_access' restriction in our
>> 'smtpd_recipient_restrictions', and sits right before our RBL checks,
>> where it has blocked 17235 attempts so far this year, with zero false
>> positives since we started using it, in November somewhere.
>
> Interesting... can you provide specific details on what you mean by
> 'modified version'?

I second that. I'm feeling convinced enough to use it as it was
intended, BUT ideally, I don't desire rejecting even those stubborn
people who insist on running their email server from their bedroom
without relaying through their ISP.

Do you have a script that modifies the list into whatever format your
method requires?

Does anyone have any comments on the efficacy of this method? I assume
all it would take is for bots to change the way they create their HELO
hostname to bypass this.