[Dovecot] Unofficial Survey - What MTA/Spam filtering do you use?
Reuben Farrelly
reuben-dovecot at reub.net
Wed Apr 19 12:45:36 EEST 2006
On 19/04/2006 9:29 p.m., Tomi Hakala wrote:
> Simon Waters wrote:
>> Would love to see some serious analysis of "HELO" based blocking. Whilst I tend
>> to think it is a bad idea, if there are criteria I can exploit in identifying
>> things that aren't genuine mail servers -- it fits the strategy.
>
> Some very broken spam tool sends the IP address of the MX host it is speaking
> to in its HELO response; this should never happen with real mail hosts, so it
> is safe to block all such connections. This blocks a high amount of spam
> for us.

Ditto with 'localhost', '127.0.0.1' and your host's own hostname, and apart from
what you get from any of your secondary MXs if you have them - their hostname
too. Although there's the rule that you should be liberal in what you accept
and I believe HELO is something that you're supposed to accept regardless of
what the remote end claims, I've never found legitimate hosts using any of these
arguments to HELO.

If you're slightly more brave then also add non-FQDN and anything which starts
with a '-' such as '-1269643152' which I get lots of to invalid addresses. I'm
yet to see a false positive from setting all of these in a year or so since I
implemented them, but then my system probably isn't as critical as some
others...so I can afford to be more brave.

I'd say with a lot of confidence that I've had more false positives from dynamic
blocklists tagging email than HELO checking (perhaps not surprising).

reuben
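
The HELO checks described in this thread, as an added example that is not part of the original posts or of any MTA's own code: a small policy function that rejects a HELO naming our own MX address, loopback, our own hostname, or a secondary MX's hostname from the wrong source, with the "more brave" checks behind a `strict` flag. The hostnames and addresses are constructed placeholders.

```python
import ipaddress

# Assumed values for the receiving server (constructed; replace with your own).
OWN_HOSTNAMES = {"mx1.example.org"}                    # names no remote client should claim
OWN_ADDRESSES = {"192.0.2.25"}                         # addresses our MX listens on
SECONDARY_MX = {"mx2.example.org": {"198.51.100.7"}}   # secondary MX -> its real source IPs


def check_helo(helo, client_ip, strict=False):
    """Return (accept, reason) for a HELO/EHLO argument received from client_ip."""
    name = helo.strip().rstrip(".").lower()
    # Address literals arrive as [192.0.2.25]; broken tools also send them bare.
    literal = name[1:-1] if name.startswith("[") and name.endswith("]") else name
    if literal.startswith("ipv6:"):
        literal = literal[5:]
    try:
        addr = ipaddress.ip_address(literal)
    except ValueError:
        addr = None

    if addr is not None:
        if addr.is_loopback:
            return False, "HELO is a loopback address"
        if str(addr) in OWN_ADDRESSES:
            return False, "HELO is the address of the MX being spoken to"
        return True, "address literal"
    if name == "localhost":
        return False, "HELO is localhost"
    if name in OWN_HOSTNAMES:
        return False, "HELO is our own hostname"
    if name in SECONDARY_MX and client_ip not in SECONDARY_MX[name]:
        return False, "HELO claims a secondary MX from the wrong address"
    if strict:  # the "slightly more brave" checks
        if name.startswith("-"):
            return False, "HELO starts with '-'"
        if "." not in name:
            return False, "HELO is not an FQDN"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample connections: (HELO argument, client IP).
    for helo, ip in [("192.0.2.25", "203.0.113.9"), ("mx2.example.org", "198.51.100.7"),
                     ("-1269643152", "203.0.113.9"), ("mail.example.net", "203.0.113.9")]:
        print(helo, ip, check_helo(helo, ip, strict=True))
```
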