[PLUG] Re: Helo policy...

Ronald Chmara ron at Opus1.COM
Wed Apr 4 05:51:50 UTC 2007


On Apr 3, 2007, at 6:58 PM, Randal L. Schwartz wrote:

>>>>>> "plug" == plug 0 <plug_0 at robinson-west.com> writes:
>
> plug> Okay, but a lot of people seem to think that helo checking is futile and
> plug> more trouble than it's worth.

You can:
Verify the IP/DNS reported is valid.
Check if the supposed source has <various> anti-spam DNS entries.
Check (roughly) if the supposed sending IP actually *matches* the IP(s)
where the packets are coming from.

> plug> I run a postfix relay on my firewall
> plug> perimeter where I wonder what the best practice is in this day and age.
> plug> I asked Opus and got a completely worthless answer back of, "you can do
> plug> whatever you want."

Your relay. :)

/me blacklists this "Opus" pre-emptively. Then notes his sender URL.

> plug> By domain in this excerpt, there is not enough
> plug> context to know what is being referred to specifically.  Is it a DNS
> plug> domain name or could it be some other kind?

Yes. It could be an arpa IP, for example....

> plug> How about rejecting a helo
> plug> of localhost, friend, of the domain name of my own server?

May cause breakage.

> I tried to be strict about HELO, and got too many false positives for spam.

There ya go.

> The only thing I check for now for rejecting are people trying to say they are
> me.  "HELO stonehenge.com" - I don't think so!  I also reject my own IP
> address.

I will say this to the OP: You are going down the anti-spam rabbit  
hole, and I wish you well. Try not to get eaten by a grue.

-Ronabop
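
The HELO checks discussed in this thread, as an added example that is not part of the original message or of any poster's configuration: only a HELO claiming the server's own name or IP is rejected, and the other checks (localhost, unresolvable name, name not matching the connecting IP) only flag. The names, addresses and the DNS table are constructed assumptions; `check_helo`, `sample_resolve` and `parse_ip` are hypothetical helpers.

```python
import ipaddress

# Constructed values (assumptions): this relay's own names and addresses.
MY_NAMES = {"example.org", "mail.example.org"}
MY_IPS = {"192.0.2.10"}
# Constructed stand-in for DNS A-record lookups so the example runs offline.
SAMPLE_DNS = {"mx.sender.test": {"198.51.100.7"}}

def sample_resolve(name):
    return SAMPLE_DNS.get(name, set())

def parse_ip(text):
    """Return a normalized IP string, or None if text is not an IP address."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None

def check_helo(helo, client_ip, resolve=sample_resolve):
    """Return (action, reason) for an SMTP HELO/EHLO argument."""
    name = helo.strip().rstrip(".").lower()
    # Accept both a bare address and the bracketed literal form, e.g. [192.0.2.10].
    literal = name[1:-1] if name.startswith("[") and name.endswith("]") else name
    helo_ip = parse_ip(literal)
    # The one hard reject from the thread: a client claiming to be this server.
    if name in MY_NAMES or helo_ip in MY_IPS:
        return ("REJECT", "HELO claims to be this server")
    # Everything else is only flagged, since strict rejection caused false positives.
    if helo_ip is not None:
        if helo_ip != parse_ip(client_ip):
            return ("FLAG", "address literal does not match connecting IP")
        return ("OK", "address literal matches connecting IP")
    if name == "localhost" or "." not in name:
        return ("FLAG", "HELO is not a fully qualified name")
    addrs = resolve(name)
    if not addrs:
        return ("FLAG", "HELO name does not resolve")
    if parse_ip(client_ip) not in {parse_ip(a) for a in addrs}:
        return ("FLAG", "HELO name does not resolve to connecting IP")
    return ("OK", "HELO name resolves to connecting IP")

if __name__ == "__main__":
    for helo, ip in [("example.org", "203.0.113.5"), ("localhost", "203.0.113.5"),
                     ("mx.sender.test", "198.51.100.7")]:
        print(helo, ip, check_helo(helo, ip))
```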



