
#15 helo verification

open
nobody
1
2001-10-24
2001-10-23
Anonymous
No

How about an option to check and see if the ehlo/helo is legit and/or really associated with the connecting IP address?

Discussion

  • Jason Fesler

    Jason Fesler - 2001-10-24

    Logged In: YES
    user_id=239889

    Date: Tue, 23 Oct 2001 19:21:22 -0700 (PDT)
    From: Jason Fesler <jfesler@gigo.com>
    To: authd@authd.org
    Bcc: Brian Freeman <brian@oopack.com>
    Subject: "helo" checking and such

    I was recently asked to add in checking for "helo", make sure that the strings given there are resolvable. Looking at least at my own logs, however, this would do nearly as much harm as good - of the 1% of the mail that has unresolvable hostnames hitting _my_ system, half of that mail is legit but not otherwise triggering any exceptions (and would be blocked if I started requiring that HELO be valid).

    Anyone have any logs where they think this may significantly be helpful, but not harmful? I'd like to do some analysis on them before I put the effort in on the code (much less, add it to a place where people are likely to shoot their feet off and blame me for it..).

    On a similar note would be the ability to do the reverse DNS on the connecting IP. I've had about 5% of the mail sent to my system have an unknown host name connecting. 2/3rds of that was refused for _other_ anti-spam reasons. The remaining one third, nearly all of it is either good, or to bad usernames (and being refused by postfix for having unknown users). All that said, if you *really* want to refuse mail from those, just do a match for "unknown" in the hostname, at least for postfix. Other MTAs may have a different representation.

    --
    Jason Fesler <jfesler@gigo.com>
    http://gigo.com/resume.html
    "Those who give up essential liberties for temporary safety
    deserve neither liberty nor safety." - Benjamin Franklin
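
The reverse-DNS analysis described in the message above, as an added example that is not part of the original message or of the project's code: it counts, from Postfix smtpd log lines, how much mail from `unknown[...]` clients was already refused for other reasons and how much a "reject unknown" rule would newly block. The log lines are constructed (modern Postfix style, documentation addresses) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in Postfix smtpd log style (documentation addresses only).
SAMPLE_LOG = """\
Oct 23 19:01:02 mx postfix/smtpd[411]: connect from mail.example.org[192.0.2.10]
Oct 23 19:01:03 mx postfix/smtpd[411]: 4A1B2C3D: client=mail.example.org[192.0.2.10]
Oct 23 19:02:11 mx postfix/smtpd[412]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using rbl.example.net; from=<a@example.com> to=<b@example.org> proto=SMTP helo=<foo>
Oct 23 19:03:40 mx postfix/smtpd[413]: NOQUEUE: reject: RCPT from unknown[198.51.100.8]: 450 4.1.8 <x@nodomain.invalid>: Sender address rejected: Domain not found; from=<x@nodomain.invalid> to=<b@example.org> proto=ESMTP helo=<bar>
Oct 23 19:04:05 mx postfix/smtpd[414]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in local recipient table; from=<c@example.net> to=<nobody@example.org> proto=ESMTP helo=<baz>
Oct 23 19:05:30 mx postfix/smtpd[415]: 5E6F7A8B: client=unknown[203.0.113.20]
Oct 23 19:06:12 mx postfix/smtpd[416]: 9C0D1E2F: client=mx.example.net[192.0.2.25]
"""

REJECT = re.compile(r"reject: \w+ from (?P<host>[^\[\s]+)\[[^\]]+\]: (?P<reason>.*)")
ACCEPT = re.compile(r" [0-9A-F]+: client=(?P<host>[^\[\s]+)\[[^\]]+\]")


def classify(log_text):
    """Count mail attempts keyed by (client rDNS state, outcome)."""
    counts = Counter()
    for line in log_text.splitlines():
        if "postfix/smtpd[" not in line:
            continue
        m = REJECT.search(line)
        if m:
            # Separate "bad username" refusals from other anti-spam refusals.
            outcome = "bad_user" if "User unknown" in m["reason"] else "other_reject"
        else:
            m = ACCEPT.search(line)
            if not m:
                continue  # connect/disconnect lines carry no outcome
            outcome = "accepted"
        # Postfix logs clients without usable reverse DNS as "unknown".
        rdns = "unknown" if m["host"] == "unknown" else "resolved"
        counts[(rdns, outcome)] += 1
    return counts


def impact_of_rejecting_unknown(counts):
    """Of the mail from 'unknown' clients, how much is only caught by the new rule?"""
    total = sum(counts.values())
    unknown = sum(n for (rdns, _), n in counts.items() if rdns == "unknown")
    newly = counts[("unknown", "accepted")]
    return {"total": total, "unknown": unknown,
            "already_refused": unknown - newly, "newly_blocked": newly}


if __name__ == "__main__":
    print(impact_of_rejecting_unknown(classify(SAMPLE_LOG)))
```

The `newly_blocked` figure is the mail that needs manual review before enabling such a rule, since it is currently delivered and trips no other check.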

     
  • Jason Fesler

    Jason Fesler - 2001-10-24
    • priority: 5 --> 1
     
