On Wed, 2006-04-19 at 04:29, Tomi Hakala wrote:
Would love to see some serious analysis of "HELO" based blocking. Whilst I tend to think it is a bad idea, if there are criteria I can exploit in identifying things that aren't genuine mail servers -- it fits the strategy.
Some very broken spam tool sends the IP address of an MX host it is speaking to in the HELO response; this should never happen with real mail hosts, so it is safe to block all such connections. This blocks a high amount of spam for us.
The MimeDefang mail list is a good resource for different techniques to filter spam because it provides a framework to do a lot of different checks and can run your choices of spamassassin, virus scanners, etc. It only works with sendmail because it uses the milter interface but many of the techniques discussed on the mail list would apply to other programs and some large site administrators participate.
-- Les Mikesell lesmikesell@gmail.com
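
The HELO check described in this thread (reject a client whose HELO argument is the receiving MX host's own IP address), as an added example that is not part of the original messages and is not MIMEDefang code. The address set, function names and reply text are assumptions; the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample: the addresses this MX host listens on.
LOCAL_MX_ADDRS = {"192.0.2.25", "2001:db8::25"}


def parse_helo_ip(helo):
    """Return the IP in a HELO/EHLO argument, or None if it is a hostname.

    Accepts a bare address and the address-literal forms
    [192.0.2.25] and [IPv6:2001:db8::25].
    """
    arg = helo.strip()
    if arg.startswith("[") and arg.endswith("]"):
        arg = arg[1:-1]
        if arg.lower().startswith("ipv6:"):
            arg = arg[5:]
    try:
        ip = ipaddress.ip_address(arg)
    except ValueError:
        return None
    # Treat ::ffff:a.b.c.d as the IPv4 address it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def helo_claims_our_ip(helo, client_ip, local_addrs=LOCAL_MX_ADDRS):
    """True when a remote client presents one of our own addresses as HELO."""
    ours = {ipaddress.ip_address(a) for a in local_addrs}
    ip = parse_helo_ip(helo)
    if ip is None or ip not in ours:
        return False
    # A connection that really originates from this host (local
    # submission, health check) may legitimately use our address.
    return ipaddress.ip_address(client_ip) not in ours


def smtp_reply(helo, client_ip):
    """Hypothetical policy hook: the reply to send after HELO/EHLO."""
    if helo_claims_our_ip(helo, client_ip):
        return "550 5.7.1 HELO argument is this server's own address"
    return "250 OK"
```

Comparing parsed addresses rather than strings catches the bracketed, IPv6 and IPv4-mapped spellings of the same address, while a client that sends its own address literal is left alone.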