Re: another interesting spam trick...

From: Simon J Mudd (no email)
Date: Wed Oct 31 2001 - 18:30:25 EST

On Wed, 31 Oct 2001, Greg A. Woods wrote:

> [ On , October 31, 2001 at 19:01:43 (+0100), Simon J Mudd wrote: ]
> > Subject: Re: another interesting spam trick...
> >
> > While this is actually quite nice, the problem you'll probably find is
> > that you will reject a large number of incorrectly configured smtp
> > clients.
> Actually provided that you allow any locally authorised clients which
> may be running really dumb, broken, or otherwise mis-configured
> software, it's not anywhere near so bad as you make it out to be.

I did this for a while when I was working at All Trading and yes it caught
a few badly configured machines, but not _that_ many. Most postmasters
who I pointed out the problem to (with "friendly messages explaining the
problem") all of a sudden reconfigured their machines correctly.

> Most of the rest are caused by people who clearly should not be allowed
> within a thousand miles of any firewall/NAT configuration.

I've been blocked by you before and imagine I would be in the same
situation now, though I could configure the SMTP client appropriately now
if necessary. Do you check that one of the IPs is valid when looking up a
hostname with multiple IP addresses? (I can't fix the reverse DNS as the
addresses are not owned by me.)

> I get a lot of invalid HELO/EHLO names on my own personal servers, but
> 99.99% are confirmed spam sources (including hotmail! ;-). Only very
> occasionally does someone I know accidentally screw up their
> configuration and get caught by this check.

I'll have to insist a bit more and try and get on your white list :-)

> > I would guess Wietse never implemented this for that reason,
> > as I think that the check is available on other MTAs. (smail?)
> Yes, and Exim.
> HELO/EHLO parameter validation is a very powerful anti-spam feature and
> it really doesn't cause problems for a "lot" of SMTP clients in the real
> world.
> Like mengwong says in another reply: "That's what they said about
> closed relays."

Yes, I think it would be useful too, even if it would affect me.
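
An added example, not code from this thread or from any MTA named in it: a sketch of the HELO/EHLO check under discussion, covering the two points raised above (exempting locally authorised clients, and accepting a name with several addresses when any one of them matches the connecting client). The function names, the `resolve` callback, the policy of requiring a dotted name and the DNS data are all assumptions constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def parse_helo(arg):
    """Return ('literal', ip), ('fqdn', name) or ('invalid', None)."""
    if arg.startswith("[") and arg.endswith("]"):
        body = arg[1:-1]
        if body.lower().startswith("ipv6:"):
            body = body[5:]
        try:
            return "literal", ipaddress.ip_address(body)
        except ValueError:
            return "invalid", None
    labels = arg.rstrip(".").split(".")
    # Assumed policy: require a dotted name whose last label is not numeric,
    # which rejects single labels and unbracketed IP addresses.
    if (len(labels) < 2 or labels[-1].isdigit()
            or not all(_LABEL.fullmatch(l) for l in labels)):
        return "invalid", None
    return "fqdn", ".".join(labels).lower()

def check_helo(arg, client_ip, resolve, local_nets=()):
    """Return (verdict, reason) for a HELO/EHLO argument from client_ip."""
    client = ipaddress.ip_address(client_ip)
    # Locally authorised clients are exempt, however broken their HELO.
    if any(client in ipaddress.ip_network(n) for n in local_nets):
        return "accept", "locally authorised client"
    kind, value = parse_helo(arg)
    if kind == "invalid":
        return "reject", "malformed HELO name"
    if kind == "literal":
        ok = value == client
        return ("accept" if ok else "reject"), "address literal compared to client"
    addrs = {ipaddress.ip_address(a) for a in resolve(value)}
    if not addrs:
        return "reject", "HELO name does not resolve"
    # Multi-homed names: a match on any one address is enough.
    if client in addrs:
        return "accept", "client is one of the name's addresses"
    return "reject", "client is not among the name's addresses"

# Constructed DNS data (documentation address ranges), standing in for A lookups.
SAMPLE_DNS = {"mail.example.org": ["192.0.2.10", "192.0.2.20"]}

def sample_resolve(name):
    return SAMPLE_DNS.get(name, [])
```

The check uses forward lookups only, so a sender who cannot change the reverse DNS of their addresses can still pass by announcing a name whose A records include the connecting address.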


