Re: anti-UCE efficacy of smtpd_helo_required
From: Rob Foehl (rwf loonybin.net)
Date: Fri Oct 01 2004 - 23:35:10 CDT
On Fri, 1 Oct 2004, /dev/rob0 wrote:
> FWIW (re: anti-UCE) I've been watching, and sbl-xbl.spamhaus.org is
> doing a fantastic job. Many thanks to the spamhaus and CBL and
> Blitzed.org people. Still some spam is getting through, but the
> customer is delighted with the improvement.
While we're on the subject.. Spamhaus' combined list is excellent,
list.dsbl.org is a pretty solid choice as well. There are a few good helo
checks to use beyond smtpd_helo_required: reject_invalid_hostname is
pretty safe, and reject_non_fqdn_hostname is nice, but tends to require
occasional whitelisting when dealing with braindead MUAs and/or
postmasters.
Use something like this in a PCRE map with check_helo_access:
/^\d{1,3}(\.\d{1,3}){3}$/ 501 Syntax error in hostname
An awful lot of spamware seems to helo with a bare IP address. I also
reject anything that looks like one of my hostnames or localhost, any of
my IPs (including 127.0.0.1) in brackets, and a few of the common
forgeries like bare 'aol.com' or 'compuserve.com'.
warn_if_reject everything until you're comfortable with it, of course.
-Rob
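
Added example, not part of the original post: a Python sketch of the first-match lookup that a check_helo_access PCRE map performs, using the bare-IP pattern from the message plus patterns for the other cases it lists. The domain example.com, the address 192.0.2.25, the sample HELO strings and the REJECT actions on the added patterns are assumptions for illustration.

```python
import re

# Assumed site values (placeholders, not from the post).
MY_DOMAIN = "example.com"
MY_IPS = ["192.0.2.25", "127.0.0.1"]


def build_rules(domain, ips):
    """Ordered (pattern, action) pairs; as in a Postfix pcre table, first match wins."""
    rules = [
        # Pattern quoted in the post: HELO is a bare dotted quad.
        (r"^\d{1,3}(\.\d{1,3}){3}$", "501 Syntax error in hostname"),
        # Client claims to be localhost or one of our own hostnames.
        (r"^localhost$", "REJECT"),
        (r"^([a-z0-9-]+\.)*" + re.escape(domain) + r"$", "REJECT"),
        # Common forgeries named in the post: bare provider domains only.
        (r"^(aol|compuserve)\.com$", "REJECT"),
    ]
    # Our own addresses presented as bracketed literals, e.g. [127.0.0.1].
    for ip in ips:
        rules.append((r"^\[" + re.escape(ip) + r"\]$", "REJECT"))
    # Postfix pcre tables match case-insensitively by default.
    return [(re.compile(p, re.IGNORECASE), a) for p, a in rules]


def check_helo(helo, rules):
    """Return the first matching action, or DUNNO when no rule applies."""
    for pattern, action in rules:
        if pattern.search(helo):
            return action
    return "DUNNO"


RULES = build_rules(MY_DOMAIN, MY_IPS)

# Constructed HELO values for illustration.
SAMPLES = ["203.0.113.7", "[203.0.113.7]", "[127.0.0.1]", "MAIL.Example.COM",
           "aol.com", "mail.aol.com", "localhost", "mx1.example.net"]

if __name__ == "__main__":
    for helo in SAMPLES:
        print(f"{helo:20} -> {check_helo(helo, RULES)}")
```

A bracketed literal for someone else's address and a real subdomain of a forged provider both fall through to DUNNO, so only the impersonation cases are caught.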