Re: [Assp-user] helo filtering proposal

[Micheal E. J. <mic...@gm...>]

I don't see how or why this:

  123.123.123.123 or 123-123-123-123 or 123x123x123x123

- aka in RegEx -

   \d{1,3}(\.|-|x)\d{1,3}(\.|-|x)\d{1,3}(\.|-|x)\d{1,3}

...would be in ANY valid email HELO.  I only see that when I see spam
being relayed off of residential networks.  No valid email server
would have that in its HELO.  If it did, it deserves to be rejected -
and eventually fixed.

I also agree that non-FQDN's in the HELO should be rejected as well.=20
If not completely in ASSP core coding, I think it would be a great
option to enable/disable depending on your organizations email
traffic.

Or perhaps a new RegEx that is specific to HELO analyzing for
personalization purposes?


On 3/22/06, Marrco <as...@mi...> wrote:
> Hi Fritz,
>  do you plan to implement a better helo based filtering ?
>
> ie.
>
> localhost               REJECT using my own HELO hostname
> 12.34.56.78              REJECT using my own HELO hostname
> ...
> remailer.com            REJECT forged/blacklisted  HELO hostname
> postmaster.com          REJECT forged/blacklisted  HELO hostname
> ...
>
> /^\d+\.\d+\.\d+\.\d+$/          REJECT fake IP literal in HELO hostname
> /^[^\.]+\.?$/                   REJECT unqualified HELO hostname
>
> (right now we have part one implemented in b5, part2 since b1 using the
> trick of manually modifying spamdb.helo, but what i really miss is part3 =
)
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting langua=
ge
> that extends applications into web and mobile media. Attend the live webc=
ast
> and join the prime developer group breaking into this new coding territor=
y!
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D110944&bid=3D241720&dat=
=3D121642
> _______________________________________________
> Assp-user mailing list
> Ass...@li...
> https://lists.sourceforge.net/lists/listinfo/assp-user
>


--
ME2