Date: Sat, 11 Jun 2005 21:17:52 +1000 (EST)
From: Craig Ian Dewick
Cc: Oz-ISP
Message-Id: <Pine.GSO.4.58.0506112114350.4937@lios.apana.org.au>
In-Reply-To: <Pine.BSF.4.33.0506111840570.1517-100000@home.albury.net.au>
References: <Pine.BSF.4.33.0506111840570.1517-100000@home.albury.net.au>
Subject: RE: [Oz-ISP] Helo Pacific

On Sat, 11 Jun 2005, Ross Wheeler wrote:

>
> On Sat, 11 Jun 2005, David Luyer wrote:
>
> > > WHY would your Mail scanner accept obviously forged email?
>
> > For that part - very few mail servers enforce good data in the
> > HELO/EHLO hostnames - is anyone here doing any kind of check
> > on the HELO/EHLO hostnames?
>
> my deroute script does this in a *limited* way. As was stated in another
> reply, a host who handles mail for many different domains will be
> difficult to treat in this manner, however there are several that
> spammers/phishing/scams often use that CAN be checked.

The key one being dnsix.com which seems to be a last-best-host MX for a
lot of US (and Australian!) ISP and other corporate mail servers.

I can block all email relayed through dnsix.com and stop masses of spam,
but unfortunately it also blocks a lot of legit email too.

> Ones that clearly work like this are:
>   yahoo
>   hotmail
>   msn
>   aol
>   microsoft
>   westpac.com.au
>   citibank.com
>
> Probably thousands of others too, but certainly these ones I *DO* check in
> the helo/ehlo exchange, and if they ain't who they claim to be, they get
> dropped quick smart.

For my own workstation, I block all SMTP connections from any AOL server.
SpamAssassin and Postfix do quite a good job of the others, but that's
assuming the emails are legit and coming from the right place for what is
claimed in the headers.

Regards,

Craig.

--
Craig Dewick (c r a i g @ p o i s o n . l i o s . a p a n a . o r g . a u http://lios.apana.org.au/~craig
APANA Sydney Deputy Regional Co-ordinator. Operator of Jedi (APANA Sydney POP)
Always striving for a secure long-term future in an insecure short-term world
   Have you exported a crypto system today? Do your bit to undermine the NSA.
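
The limited HELO/EHLO check described in the quoted text, as an added example (it is not the deroute script or any code from this thread): a client that names one of the listed domains in HELO/EHLO is accepted only if its reverse DNS name is in that domain and resolves back to the connecting address. The full domain names, the lookup tables and all addresses are constructed assumptions.

```python
import ipaddress

# Full domain names are an assumption: the post lists short names ("yahoo", "msn").
PROTECTED = ("yahoo.com", "hotmail.com", "msn.com", "aol.com",
             "microsoft.com", "westpac.com.au", "citibank.com")

# Constructed sample DNS data (documentation address ranges), so this runs offline.
SAMPLE_PTR = {
    "192.0.2.10": ["mta1.mail.yahoo.com"],   # host inside the claimed domain
    "198.51.100.7": ["dsl-7.example.net"],   # unrelated access-network client
    "203.0.113.5": ["mail.yahoo.com"],       # PTR chosen by the address owner
}
SAMPLE_A = {
    "mta1.mail.yahoo.com": ["192.0.2.10"],
    "mail.yahoo.com": ["192.0.2.10"],        # does not point back to 203.0.113.5
    "dsl-7.example.net": ["198.51.100.7"],
}

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain (whole-label match)."""
    host = host.strip().rstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def protected_domain(helo):
    """Return the protected domain the HELO/EHLO name claims, or None."""
    return next((d for d in PROTECTED if in_domain(helo, d)), None)

def check_helo(helo, client_ip, ptr=SAMPLE_PTR, a=SAMPLE_A):
    """Return (action, reason) for one SMTP client.

    ptr and a are hypothetical lookup tables standing in for live PTR and
    A queries; a real filter would ask DNS instead.
    """
    domain = protected_domain(helo)
    if domain is None:
        return "accept", "HELO name is not on the checked list"
    ip = ipaddress.ip_address(client_ip)
    for name in ptr.get(client_ip, []):
        if not in_domain(name, domain):
            continue
        # Forward-confirm: the PTR name must resolve back to the client address,
        # because whoever controls the address block controls the PTR record.
        if any(ipaddress.ip_address(x) == ip for x in a.get(name.lower(), [])):
            return "accept", f"{client_ip} is confirmed as {name}"
    return "reject", f"{client_ip} claims {domain} but is not confirmed in it"
```

Names outside the list pass through untouched, which matches the post's point that the check is deliberately limited to domains that send only from their own hosts.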