On 16 Sep 2014, at 17:59, Bill Cole <[email protected]> wrote:
> It is much safer to use 'reject_invalid_helo_hostname' or
> 'reject_non_fqdn_helo_hostname' or for maximal safety to use a
> 'check_helo_access' map to specifically reject HELO names & patterns that
> fingerprint spambots (e.g. 'friend', 'ylmf-pc', '[127.0.0.1]', your own local
> names/IPs, etc.) or gross incompetence (unqualified names, *.local, etc.) and
> perhaps to exempt special cases where you are willing to tolerate
> incompetence.

I suspect a lot of people get reject_invalid_helo_hostname and
reject_unknown_helo_hostname confused.

I think you can always add the following and then look at your logs:

warn_if_reject reject_unknown_helo_hostname

I used to have a helo check, but no longer use it:

$ cat helo_checks.pcre
/(unknown|localhost|localdomain|lan|home|example|local)$/ REJECT Mailserver name in private namespace
/kreme\.com$/ REJECT helo Don't spoof my hostname
#several more like that for various domains.
/(\d{1,3}[.-]){3}[.-]\d{1,3}/ WARN Too many numbers in your HELO/EHLO (D)
/([[:digit:]]{1,3}[.-]){3}[[:digit:]]{1,3}/ WARN Too many numbers in HELO/EHLO (dig)
/\.(dsl|adsl|pool|dynamic|user|hsd|dyn|dial)/ REJECT helo Dynamic . servers not allowed
/^(dsl|adsl|pool|dynamic|user|hsd|dyn|dial)/ REJECT helo Dynamic ^ servers not allowed
/home\.com$/ REJECT home.com is poisoned

--
I'll have what the gentleman on the floor is having.
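
Added example, not part of the original message: a dry run of the helo_checks.pcre rules above against constructed HELO names, using the first-match-wins lookup that Postfix pcre tables apply, to see what a table would do before pointing check_helo_access at it. The function names and sample hostnames are assumptions made for illustration; [[:digit:]] is rewritten as \d for Python, and the "(D)" rule is omitted.

```python
import re

# Rules from the helo_checks.pcre in the message above, wrapped lines joined.
# Assumptions: [[:digit:]] is written as \d (Python's re has no POSIX classes)
# and the near-duplicate "(D)" digit rule is left out.
TABLE = r"""
/(unknown|localhost|localdomain|lan|home|example|local)$/ REJECT Mailserver name in private namespace
/kreme\.com$/ REJECT helo Don't spoof my hostname
/(\d{1,3}[.-]){3}\d{1,3}/ WARN Too many numbers in HELO/EHLO (dig)
/\.(dsl|adsl|pool|dynamic|user|hsd|dyn|dial)/ REJECT helo Dynamic . servers not allowed
/^(dsl|adsl|pool|dynamic|user|hsd|dyn|dial)/ REJECT helo Dynamic ^ servers not allowed
/home\.com$/ REJECT home.com is poisoned
"""

def load_rules(text):
    """Parse '/pattern/ ACTION text' lines; skip blanks and comments."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"/(.*?)/\s+(\S+)\s*(.*)$", line.strip())
        if m:
            # Postfix pcre tables match case-insensitively by default.
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2), m.group(3)))
    return rules

def lookup(rules, helo):
    """Return (action, text) of the first matching rule, or None."""
    for pattern, action, text in rules:
        if pattern.search(helo):
            return action, text
    return None

# Constructed HELO names, not taken from real logs.
SAMPLES = [
    "mail.example.org",
    "MAIL.KREME.COM",
    "myhost.local",
    "dsl-gw.example.net",
    "host-192-0-2-10.dsl.example.net",
    "mx.usergroup.example.net",
]

if __name__ == "__main__":
    rules = load_rules(TABLE)
    for name in SAMPLES:
        print(f"{name:34} {lookup(rules, name)}")
```

Two results are worth noting: the digit WARN rule matches host-192-0-2-10.dsl.example.net first, so the later "Dynamic" REJECT rule is never reached for it, and the unanchored \.user pattern rejects mx.usergroup.example.net.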