[Mimedefang] Revisit: Filtering on HELO
brennan at columbia.edu
Fri Mar 16 12:38:10 EST 2007
--On Friday, March 16, 2007 11:44 AM -0400 "Kevin A. McGrail"
<kmcgrail at pccc.com> wrote:
> We check for localhost or 127.0.0.1
> We check for our name.
> We check for our IP address with/without ['s
> We check for helo of friend
> We check for helo where length < 3 or doesn't have dots.
Those are solid, I agree, except as I was saying some with no dots
are actually small-time organizations misled by Windows software.
When the helo is an IP in [ ], it should be $RelayAddr in there.
Not for example 126.96.36.199 saying "helo [188.8.131.52]" or
184.108.40.206 saying "helo [220.127.116.11]". But this might not
be common enough to bother with.
> I do NO forward<->reverse comparisons.
This really is looking like a loser to me too. Certainly plenty of
spam hosts get this wrong, but so do many legit ones.
> But all of these are excluded for authorized users.
Absolutely. Many clients do this wrong. And besides the point is
not to enforce the smtp standards but to identify junk.
Lead Email Systems Engineer
Columbia University Information Technology
More information about the MIMEDefang