[PLUG] Re: Helo policy...
Ronald Chmara
ron at Opus1.COM
Wed Apr 4 05:51:50 UTC 2007
On Apr 3, 2007, at 6:58 PM, Randal L. Schwartz wrote:
>>>>>> "plug" == plug 0 <plug_0 at robinson-west.com> writes:
>
> plug> Okay, but a lot of people seem to think that helo checking is
> futile and
> plug> more trouble than it's worth.
You can:
Verify the IP/DNS reported is valid.
Check if the supposed source has <various> anti-spam DNS entries.
Check (roughly) if the supposed sending IP actually *matches* the IP
(s) where the packets are coming from.
> plug> I run a postfix relay on my firewall
> plug> perimeter where I wonder what the best practice is in this
> day and age.
> plug> I asked Opus and got a completely worthless answer back of,
> "you can do
> plug> whatever you want."
Your relay. :)
/me blacklists this "Opus" pre-emptively. Then notes his sender URL.
> plug> By domain in this excerpt, there is not enough
> plug> context to know what is being referred to specifically. Is
> it a DNS
> plug> domain name or could it be some other kind?
Yes. It could be an arpa IP, for example....
> plug> How about rejecting a helo
> plug> of localhost, friend, of the domain name of my own server?
May cause breakage.
> I tried to be strict about HELO, and got too many false positives
> for spam.
There ya go.
> The only thing I check for now for rejecting are people trying to
> say they are
> me. "HELO stonehenge.com" - I don't think so! I also reject my
> own IP
> address.
I will say this to the OP: You are going down the anti-spam rabbit
hole, and I wish you well. Try not to get eaten by a grue.
-Ronabop
More information about the PLUG
mailing list