From: Aleksey Perov (algardo@sura.ru)
Date: Fri Mar 15 2002 - 01:09:01 CST


    On Fri, 15 Mar 2002 05:30:45 +0300, Michael Tokarev <mjt@tls.msk.ru> wrote:

    > Looking at today's spamware/spammers' "techniques" (or lack thereof),
    > it is obvious that much spam will be rejected "out of the box"
    > by requiring at least a valid TLD at the end of HELO/EHLO. I thought
    > about something like:
    >
    > smtpd_helo_restrictions = hash:/etc/postfix/helo, reject
    > /etc/postfix/helo =
    > .com OK
    > .org OK
    > .net OK
    > .ru OK
    > ...
    >
    > (with a sufficient list of top-level domains). But the question
    > is -- what to do with HELO as an IP number? Well, most of such

    IMHO this is not the only question on the topic.

    I think your suggestion would help in some cases, but it definitely isn't a
    panacea. A spammer can specify someone else's (not his own) *valid* hostname,
    or even your own hostname:

    algardo@guamoko algardo$ telnet mail.corpit.ru 25
    Trying 217.23.134.198...
    Connected to mail.corpit.ru.
    Escape character is '^]'.
    220 mail.corpit.ru ESMTP Postfix (1.1.3)
    helo mail.corpit.ru
    250 mail.corpit.ru
    mail from:<algardo@sura.ru>
    250 Ok
    rcpt to:<postmaster@corpit.ru>
    250 Ok

    There are many more questions, and one of them is how to verify that the
    parameter given in the HELO/EHLO command matches the client's hostname/IP.

    As long as there are a lot of hosts (read: widely used SMTP client and
    server software) that supply all sorts of garbage in HELO/EHLO, I don't
    think that HELO/EHLO-based restrictions are effective. For instance, MS
    Outlook Express sends in HELO the computer name that is set in the
    workstation's network parameters, so how should we deal with this
    (taking into account that many customers use this mailer)? ;)

    (Frankly speaking, I doubt that the HELO/EHLO command is useful at all. A
    server can verify the client's hostname/IP without this verb. The only good
    thing is that the server's response to EHLO may be rather interesting for
    the client.)

    > And, related question, where one can find a list of all current
    > TLDs? I know some obvious ones, but surely not all.

    You can find one, but then you will need to check from time to time
    whether ICANN has added new TLDs (.biz, .info, .aero, .news,
    .michael-tokarev etc.) ;)

    >
    > Regards,
    > Michael.

    -- 
    Aleksey A. Perov
    Postmaster
    ALP215-RIPE
    JSC Svyazinform, Penza, Russia
    e-mail: algardo@sura.ru
    phone: +7 8412 520215
    -
    To unsubscribe, send mail to majordomo@postfix.org with content
    (not subject): unsubscribe postfix-users
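To make the reply's point concrete, here is an added Python sketch (not from the thread and not Postfix code) of a HELO policy that layers the checks discussed above on top of Michael's TLD map: a HELO naming the receiving server itself is rejected, an address literal must match the connecting IP, and a bare Outlook-Express-style computer name fails the FQDN check. The TLD list, hostnames and IPs are constructed sample values; Postfix itself offers check_helo_access and reject_non_fqdn_helo_hostname for the same purposes.

```python
import ipaddress
from typing import Optional, Tuple

# Constructed sample data: a TLD allowlist like the quoted /etc/postfix/helo
# map, and the name(s) this server announces in its 220 banner.
ALLOWED_TLDS = {"com", "org", "net", "ru"}
OWN_HOSTNAMES = {"mail.corpit.ru"}


def tld_allowed(helo: str) -> bool:
    """The quoted map: accept when the HELO argument ends in a listed TLD."""
    if "." not in helo:
        return False
    return helo.rsplit(".", 1)[-1].lower() in ALLOWED_TLDS


def is_address_literal(helo: str) -> bool:
    """SMTP allows HELO [192.0.2.1]; many clients send the bare address instead."""
    literal = helo[1:-1] if helo.startswith("[") and helo.endswith("]") else helo
    try:
        ipaddress.ip_address(literal)
        return True
    except ValueError:
        return False


def evaluate_helo(helo: str, client_ip: str, client_ptr: Optional[str]) -> Tuple[str, str]:
    """Return (action, reason) for one HELO/EHLO argument.

    Order matters: the forgery case from the telnet session is caught first,
    then address literals, then the FQDN requirement (this is where Outlook
    Express clients fall over), and only then the TLD allowlist. A mismatch
    with the client's PTR name is reported but not rejected, because it is
    common for legitimate relays.
    """
    name = helo.strip().lower()
    if name in OWN_HOSTNAMES:
        return "REJECT", "HELO claims this server's own hostname"
    if is_address_literal(name):
        if name.strip("[]") == client_ip:
            return "OK", "address literal matches connecting IP"
        return "REJECT", "address literal does not match connecting IP"
    if "." not in name:
        return "REJECT", "HELO is not a fully qualified hostname"
    if not tld_allowed(name):
        return "REJECT", "HELO does not end in a known TLD"
    if client_ptr and name != client_ptr.lower():
        return "OK", "passes TLD check but differs from client PTR " + client_ptr
    return "OK", "HELO passes all checks"
```

The function is written as a plain decision routine so the same logic could sit behind a Postfix policy daemon or a unit test; nothing here performs DNS lookups.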