Re: RFC Helo []
From: /dev/rob0 (rob0 gmx.co.uk)
Date: Wed Oct 25 2006 - 22:46:11 CDT
On Wednesday 25 October 2006 22:33, Kev wrote:
> Hi all,
>
> how can you block postfix from allowing the RFC helo [123.123.123.1]
> type helo's ?
I use this: as a check_helo_access pcre: lookup ...
!/[[:alpha:]]/ REJECT
    We find that all-numeric EHLO/HELO greetings are usually spam.
    If not, please ask your postmaster to correct the server's
    EHLO/HELO greeting.
This has the added benefit of blocking all non-RFC-compliant HELOs,
using just the bare unbracketed IP address.
At this time I also think that reject_non_fqdn_helo_hostname (was
reject_non_fqdn_hostname before 2.3) is safe enough for most use. Or,
the way I did it: added to the above check_helo_access pcre: lookup:
!/\./ REJECT
    We find that non-qualified EHLO/HELO greetings are always spam.
    If not, please ask your postmaster to correct the server's
    EHLO/HELO greeting.
You could also put your own HTTP URL in these messages to assist in
getting the rare FP's whitelisted. I do that, but I haven't had any
reports of FP yet.
> can do this with header checks but it will still reject if the sender
> server has this header.
Bad idea to wait until after DATA to act on information you already
have. Wastes bandwidth and CPU resources unnecessarily.
> can this be done, I'm seeing this spammer, very good one that spam with
> this way and the SpamAssassin score less than 3 most of the time.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
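
Added example, not part of the original message: a shell emulation of the two negated pcre: rules quoted above, useful for checking which greeting forms each rule catches before deploying them. It uses grep -E rather than Postfix itself (both patterns are also valid POSIX EREs); the function name and the sample greetings other than [123.123.123.1] are constructed for illustration.

```shell
#!/bin/sh
# Emulates the first-match behaviour of the two table entries from the
# message above. In a Postfix pcre table, "!/re/ ACTION" fires when the
# looked-up text does NOT match the expression.

# helo_verdict GREETING -> prints the result of the first rule that fires.
helo_verdict() {
    helo=$1
    # Rule 1: !/[[:alpha:]]/ REJECT  (no letter anywhere in the greeting)
    if ! printf '%s\n' "$helo" | grep -Eq '[[:alpha:]]'; then
        echo "REJECT all-numeric"
        return 0
    fi
    # Rule 2: !/\./ REJECT  (no dot, so not a qualified name)
    if ! printf '%s\n' "$helo" | grep -Eq '\.'; then
        echo "REJECT non-qualified"
        return 0
    fi
    # Neither rule fired: the lookup finds nothing and any later
    # restrictions decide what happens to the client.
    echo "no match"
}

# Constructed sample greetings; example.com/.net and 2001:db8::/32 are
# reserved documentation values.
demo() {
    for h in '[123.123.123.1]' '123.123.123.1' 'mail.example.com' \
             'localhost' '[IPv6:2001:db8::1]' 'host-123-123-123-1.example.net'
    do
        printf '%-32s %s\n' "$h" "$(helo_verdict "$h")"
    done
}

demo
```

Note that a bracketed IPv6 address literal contains letters but no dot, so it is rejected by the second rule rather than the first and receives the "non-qualified" message.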