Re: RFC Helo []

From: /dev/rob0 (rob0gmx.co.uk)
Date: Thu Oct 26 2006 - 12:14:58 CDT


On Wednesday 25 October 2006 23:02, Kev wrote:
> > This has the added benefit of blocking all non-RFC-compliant HELOs,
> > using just the bare unbracketed IP address.
>
> Yeah, my problem is with the RFC-compliant HELO with the IP within [ ];
> I'm seeing 80% of the spam that gets past my RBL & SpamAssassin use this
> in HELO.

Very odd. Could you post the logs of such a delivery? I rarely see the
"HELO [ip.add.re.ss]", but "HELO ip.add.re.ss" is very common.

> Any way to block this?

I posted a solution already. Add escaped \[ and \] to the expression if
you want to restrict it more. You can even use more complex expressions
to only match a real IP address, although IMO there is no need to work
that hard. I've not yet had a problem with blocking "!/[[:alpha:]]/" in
HELO.

> Here are my HELO checks:
>
> check_helo_access hash:/etc/postfix/helo_access,

A hash: table cannot do this. You must use pcre: or regexp:. Please
reread my previous post, and see the pcre_table(5) manual.

> reject_invalid_hostname, reject_non_fqdn_hostname

IINM reject_invalid_hostname (now reject_invalid_helo_hostname) would
block a bare IP address. Perhaps someone else will confirm or correct
this. I don't consider it a "safe" restriction for normal use, but
perhaps it's time to reconsider that. (I think I manually block most
invalid HELOs anyway.)

You might be misinterpreting what you're seeing in the logs.
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
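
The table lookup described in the message above, as an added example that is not part of the original post: a small Python evaluator for pcre_table(5)-style rules, run over constructed HELO strings to show what each expression catches. The table contents, the REJECT texts and the function names are assumptions made for illustration; Python's re has no POSIX classes, so [[:alpha:]] is translated to A-Za-z.

```python
import re

# Constructed table in pcre_table(5) syntax: "/pattern/ action", or
# "!/pattern/ action" to fire when the pattern does NOT match.
HELO_TABLE = r"""
# bracketed IPv4 address literal, e.g. [192.0.2.10]
/^\[[0-9]{1,3}(\.[0-9]{1,3}){3}\]$/  REJECT address literal in HELO
# no letter anywhere: the expression quoted in the post
!/[[:alpha:]]/                       REJECT no hostname in HELO
"""

# Python's re lacks POSIX classes, so translate the ones used here.
POSIX_CLASSES = {"[:alpha:]": "A-Za-z", "[:digit:]": "0-9"}
# optional "!", then /pattern/ (escaped slashes allowed), then the action
RULE = re.compile(r"(!?)/((?:\\.|[^/\\])*)/\s+(.+)")

def parse_table(text):
    """Return [(negate, compiled_pattern, action), ...] in file order."""
    rules = []
    for line in text.splitlines():
        m = RULE.fullmatch(line.strip())
        if not m:
            continue  # blank line or comment
        negate, pattern, action = m.groups()
        for posix, py in POSIX_CLASSES.items():
            pattern = pattern.replace(posix, py)
        rules.append((bool(negate), re.compile(pattern), action))
    return rules

def helo_action(helo, rules):
    """First rule that fires wins; None means the table has no opinion."""
    for negate, rx, action in rules:
        if bool(rx.search(helo)) != negate:
            return action
    return None

# Constructed HELO arguments (documentation address ranges).
SAMPLES = ["mail.example.com", "192.0.2.10", "[192.0.2.10]",
           "[IPv6:2001:db8::1]"]

if __name__ == "__main__":
    rules = parse_table(HELO_TABLE)
    for helo in SAMPLES:
        print(f"{helo:22} -> {helo_action(helo, rules) or 'no match'}")
```

The negated [[:alpha:]] rule on its own already rejects the bracketed literal, while an IPv6 literal passes both rules because it contains letters. On a live system, `postmap -q` against the real pcre: table is the authoritative check.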