Date: Sat, 11 Jun 2005 16:08:33 +1000
From: Craig Sanders
To: Oz-ISP, aussie-isp
Message-Id: <20050611060833.GB6237@taz.net.au>
In-Reply-To: <200506110137.j5B1b3EI030170@mailout2.pacific.net.au>
References: <04e701c56e18$e64243a0$664ca8c0@D3TJQ71S> <200506110137.j5B1b3EI030170@mailout2.pacific.net.au>
Subject: Re: [Oz-ISP] Helo Pacific

On Sat, Jun 11, 2005 at 11:36:00AM +1000, David Luyer wrote:
> > WHY would your Mail scanner accept obviously forged email?
> >
> > Received: from hunterlink.net.au (62-90-163-109.barak.net.il
> > [62.90.163.109])
> > by mailin2.pacific.net.au (8.13.4/8.13.4/Debian-1) with ESMTP id
> > j5AITlZr003570
> >
> > From: s u p p o r t @ h u n t e r l i n k . n e t . a u
>
> For that part - very few mail servers enforce good data in the
> HELO/EHLO hostnames - is anyone here doing any kind of check
> on the HELO/EHLO hostnames?

it's normal to check that the HELO hostname actually exists, but there's
no reliable or useful way of checking anything beyond that. after all,
what's the "correct" HELO hostname for a mail server with dozens of IP
addresses and/or that handles mail for thousands of domains.

checking for existence (in the DNS) of the hostname at least blocks
obvious forgeries with randomly generated hostnames (or which use the
HELO name as a kind of tracking code).



oh, just remembered....the one kind of HELO checking which IS possible
and worthwhile to do is to make sure that your own hostnames/domains
aren't being forged. your own networks and your customers' networks
should be able to HELO/EHLO with your host/domain name, and
authenticated users too (e.g. SMTP AUTH or pop-before-smtp or whatever)
but nobody else outside your network should be able to do that.




> Now, Dave -- WHY would you reveal one of our whitelist entries on an
> open mailing list, which will archive the address on the web, and only
> result in more spam using it as a 'from' address?

not worth worrying about.  spammers will forge it anyway, especially when
it's a common localpart like support@

use the net as if spammers don't exist, and block as much spam as you can.

craig

--
craig sanders <c a s @ t a z . n e t . a u           (part time cyborg)
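
The two HELO checks described in the message above (the name must exist in the DNS, and your own hostnames/domains may only be used from your own or customers' networks or by authenticated users), sketched as an added example that is not part of the original post. The domain, network ranges, function names and sample sessions are constructed assumptions, and the DNS lookup is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket

# Assumed, constructed values: replace with your own domains and networks.
OWN_DOMAINS = ("example.net.au",)
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

def dns_exists(hostname):
    """True if the name resolves to at least one address (live DNS lookup)."""
    try:
        return bool(socket.getaddrinfo(hostname, None))
    except (socket.gaierror, UnicodeError):
        return False

def is_own_name(helo):
    """True if helo is one of our domains or a host under one."""
    return any(helo == d or helo.endswith("." + d) for d in OWN_DOMAINS)

def check_helo(helo, client_ip, authenticated=False, resolver=dns_exists):
    """Return (decision, reason) for one SMTP session's HELO/EHLO argument."""
    helo = helo.strip().rstrip(".").lower()
    ip = ipaddress.ip_address(client_ip)
    trusted = authenticated or any(ip in net for net in OWN_NETWORKS)
    # Our own names are only acceptable from our own or customers' networks,
    # or from authenticated users.
    if is_own_name(helo) and not trusted:
        return ("reject", "own hostname/domain used from outside network")
    # Assumption: trusted clients skip the DNS check (desktop mail clients
    # often send unresolvable names).
    if trusted:
        return ("accept", "trusted client")
    # Everyone else: the HELO name must at least exist in the DNS.
    if not helo or not resolver(helo):
        return ("reject", "HELO hostname not found in DNS")
    return ("accept", "HELO hostname exists")

if __name__ == "__main__":
    # Constructed sessions, with a stub resolver so the demo runs offline.
    known = {"mail.example.org"}
    sessions = [
        ("mail.example.net.au", "203.0.113.9", False),
        ("mail.example.net.au", "192.0.2.10", False),
        ("example.net.au", "203.0.113.9", True),
        ("xj3k9qz7.invalid", "203.0.113.9", False),
        ("mail.example.org", "203.0.113.9", False),
    ]
    for helo, ip, auth in sessions:
        print(helo, ip, auth, check_helo(helo, ip, auth, resolver=known.__contains__))
```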