On Mon, 18 Nov 2019 at 12:00, @lbutlr <krem...@kreme.com> wrote:
> Is it safe (or mostly safe) to simply block attempts to deliver mail with
> a helo that is only an IP address? (I am talking about only on
> postfix/smtpd and obviously not on postfix/submit or related).
>
> I have about 50,000 NOQUEUE reject from "helo=<[193.32.160.151]>" over the
> last week, for example. I see very few otherwise, and all are obviously
> spam with return addresses like account-security-nore...@091773.com or
> apple_supp...@0904.ru.

Interesting idea. But I checked my records and - although YMMV - for us it would have a lot of false positives. (BTW I couldn't do this through mail logs because mine don't record the helo except when an incoming email is rejected.)
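
An added example, not part of either message above: one way to measure how often an address-literal HELO shows up in the reject lines Postfix does log, and whether the literal matches the connecting client. The log lines are constructed samples using documentation addresses, and the function names are hypothetical; it only sees lines that carry `helo=`, that is NOQUEUE `reject` and `reject_warning` entries.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd log format (documentation addresses).
SAMPLE_LOG = """\
Nov 18 11:58:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <a@example.org>: Relay access denied; from=<x@example.net> to=<a@example.org> proto=ESMTP helo=<[192.0.2.10]>
Nov 18 11:58:09 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <b@example.org>: Relay access denied; from=<y@example.net> to=<b@example.org> proto=ESMTP helo=<[192.0.2.10]>
Nov 18 11:59:30 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 <c@example.org>: Recipient address rejected: User unknown; from=<z@example.net> to=<c@example.org> proto=ESMTP helo=<mail.example.net>
Nov 18 12:00:11 mx postfix/smtpd[2110]: NOQUEUE: reject_warning: RCPT from unknown[203.0.113.5]: 554 5.7.1 <[10.0.0.3]>: Helo command rejected: Access denied; from=<w@example.com> to=<d@example.org> proto=ESMTP helo=<[10.0.0.3]>
Nov 18 12:00:40 mx postfix/smtpd[2112]: NOQUEUE: reject: RCPT from unknown[2001:db8::1]: 554 5.7.1 <e@example.org>: Relay access denied; from=<v@example.com> to=<e@example.org> proto=ESMTP helo=<[IPv6:2001:db8::1]>
Nov 18 12:01:02 mx postfix/smtpd[2112]: connect from mail.example.net[198.51.100.7]
"""

LINE_RE = re.compile(
    r"NOQUEUE: reject(?:_warning)?: \w+ from \S*?\[([0-9A-Fa-f:.]+)\]: "
    r".*\bhelo=<([^>]*)>")

def parse_ip(text):
    """Return an ip_address object, or None if text is not an IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def helo_literal(helo):
    """IP inside an RFC 5321 address literal ([1.2.3.4] or [IPv6:...]), else None."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return None
    inner = helo[1:-1]
    if inner.lower().startswith("ipv6:"):
        inner = inner[5:]
    return parse_ip(inner)

def tally(log_text):
    """Classify the helo of every logged reject; count literal HELOs per client."""
    stats, per_client = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a reject line, or no helo= recorded
        client, helo = m.groups()
        literal = helo_literal(helo)
        if literal is None:
            stats["hostname_helo"] += 1
            continue
        per_client[client] += 1
        same = literal == parse_ip(client)
        stats["literal_matches_client" if same else "literal_differs_from_client"] += 1
    return stats, per_client
```

Calling `tally()` on the text of a real mail log returns the overall counts and a per-client counter of literal HELOs, which shows whether the literals come from a handful of sources or from many distinct clients.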