[Mimedefang] Revisit: Filtering on HELO

Joseph Brennan brennan at columbia.edu
Fri Mar 16 12:38:10 EST 2007



--On Friday, March 16, 2007 11:44 AM -0400 "Kevin A. McGrail" 
<kmcgrail at pccc.com> wrote:

> We check for localhost or 127.0.0.1
> We check for our name.
> We check for our IP address with/without ['s
> We check for helo of friend
> We check for helo where length < 3 or doesn't have dots.

Those are solid, I agree, except as I was saying some with no dots
are actually small-time organizations misled by Windows software.

When the helo is an IP in [ ], it should be $RelayAddr in there.
Not for example 86.98.53.231 saying "helo [213.42.21.56]" or
66.249.194.85 saying "helo [216.184.125.15]".  But this might not
be common enough to bother with.


> I do NO forward<->reverse comparisons.

This really is looking like a loser to me too.  Certainly plenty of
spam hosts get this wrong, but so do many legit ones.


> But all of these are excluded for authorized users.

Absolutely.  Many clients do this wrong.  And besides the point is
not to enforce the smtp standards but to identify junk.


Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology




More information about the MIMEDefang mailing list