At 20:13 9/17/2003, T. Mike Howeth wrote: >I implemented these quite some time ago myself in order to judge their >real-world efficacy. (I know you specificially asked for no input on the >sanity of your premise, but here it is nonetheless :) )
S'ok... Any feed back is good feedback...:) >Many valid, non-spamming MTAs use unverifiable text in HELO/EHLO (e.g., an >internal hostname or other non-DNS text). Attempting to validate the text >will result in the rejection of many valid messages. I disabled this >portion of the code after noticing that I had bounced job offers and some >urgent messages from the company that does my domain forwarding. This is a valid point - and one that has relevance in my situation. However, in reviewing the SMTP logs for the past 6 months on my server, I found less than 10 legitimate mails which would have been rejected under this policy. So, while it's never possible to predict when the one missed message will be important, I think I'm probably pretty safe on this one. But I may set it up just to log rather than rejecting, at least for a while... >On the other hand, the check of HELO/EHLO args that are formatted as IP >addresses against the remote IP proved useful, and catches intentional >(albeit amateurish) attempts at obfuscation. The practice of looking for >intentionally misleading information is often a great way to catch >entry-level spammers. After many months, every single message that I have >rejected based upon a false IP presented as the HELO arg came from an MTA >that sooner or later ended up on my spammer list. But I can turn it off >in Server.tab just in case. (In fact, I have so many other spam-catching >mechanisms now that I'm not even sure that I still have this check enabled). Yep. I previously had a reject test for HELO names against spam-address.tab, and added my own server's IP address there because of the number of entries in the SMTP log with my address as the HELO name. So this is really just a better (more complete) version of that test. Tracy - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
