On Mon, 18 Nov 2019 at 12:23, Dominic Raferd <domi...@timedicer.co.uk> wrote:
> > > On Mon, 18 Nov 2019 at 12:00, @lbutlr <krem...@kreme.com> wrote: > >> Is it safe (or mostly safe) to simply block attempts to deliver mail with >> a helo that is only an IP address? (I am talking about only on >> postfix/stmpd and obviously not on postfix/submit or related). >> >> I have about 50,000 NOQUEUE reject from "helo=<[193.32.160.151]>" over >> the last week, for example. I see very few otherwise, and all are obviously >> spam with return addresses like account-security-nore...@091773.com or >> apple_supp...@0904.ru. >> > > Interesting idea. But I checked my records and - although YMMV - for us it > would have a lot of false positives. (BTW I couldn't do this through mail > logs because mine don't record the helo except when an incoming email is > rejected.) > Correction: actually I can't find any false-positives in my records (after I eliminated the false-false-positives...)