On 18 Nov 2019, at 7:22, Gregory Heytings wrote:
> Hi,
>
>> Is it safe (or mostly safe) to simply block attempts to deliver mail
>> with a helo that is only an IP address? (I am talking about only on
>> postfix/smtpd and obviously not on postfix/submit or related).
>
> No it is not, it's an RFC violation.

So what?
RFCs are not laws. There are no RFC police.

> The string that follows HELO/EHLO is purely informational, it should
> not be used for any filtering purpose. If you use it for this, you'll
> end up rejecting legitimate emails.

Hasn't happened for me in over a decade. I use a variety of patterns to
match against the HELO argument and reject on that basis, of which a few
(e.g. /.*\.local$/) have needed special exemptions for specific
persistently stupid systems. I haven't needed to add to the special
cases since 2008.
e.g.:
# Patterns used only by bad actors.
/^local$/ REJECT I don't know you
/localhost$/ REJECT you are not me
/[REDACTED: INTERNAL RFC1918 RANGE PATTERN]/ REJECT you are not me
/[REDACTED: EXTERNAL ADDRESS RANGE PATTERN]/ REJECT you are not me
/127\.0\.0\.[0-9]/ REJECT you are not me
# My public MX names, which are not used internally
/^toaster.scconsult.com$/ REJECT you are not me
/^sc1.scconsult.com$/ REJECT you are not me
# My public mail domains, which are not the names of any actual hosts
/^scconsult.com$/ REJECT you are not me
/^billmail.scconsult.com$/ REJECT you are not me
# Spamming botnets
/^friend$/ REJECT You're not my friend
/^DM$/ REJECT You are not the DM
/^mail.com$/ REJECT Suresh says no one is mail.com
/^-/ REJECT Try an imaginary number instead of a negative one.
# Various well-meaning incompetents do dumb stuff
[DUNNO EXEMPTIONS REDACTED]
# Various commonly-seen bad patterns that may need exemptions (above)
/.*\.local$/ REJECT You can't call yourself local when introducing
    yourself to the world.
/.*\.localdomain$/ REJECT You can't call yourself local when
    introducing yourself to the world.
/^[^.]*$/ REJECT Care to qualify that claim?
/^[^a-z]*$/ REJECT USE YOUR WORDS LIKE A GROWN-UP!
#
# Places I absolutely do not want any mail from.
[REDACTED: VALID-ISH NAMES IN NOMINALLY LEGIT DOMAINS THAT ONLY SEND SPAM]
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)