HELO antispam checks (was: [plug] Addresses still in archives.)

Luke Dudney ldlist at westnet.com.au
Mon Oct 18 14:45:54 WST 2004


Craig Ringer wrote:

>I'm increasingly coming to believe it's a lost cause. In addition to
>mailing lists that don't mangle addresses, there are a _great_ many
>Windows users out there with address-harvesting spyware. Correspond with
>a user of an infected machine - even via a mailing list - and you're
>toast.
>
>Google is currently finding ~5050 hits on a search for my email address,
>and that's just the public stuff on the web.
>
>That said, I'm finding a strict MTA, plus fairly forgiving SpamAssassin
>checking, works extremely well. Simple things help a lot. For example,
>since reconfiguring Postfix on Friday to reject mail from servers that
>HELO as "localhost" my spam volumes have fallen dramatically - it's
>quite amusing watching the logs.
>
>  
>
<snip>

I do that too.
$ grep "localhost.* Helo command rejected:" /var/log/maillog |wc -l
129

Another tip: put your server's hostname and any IP addresses it resolves 
to in that list too. Looks like a lot of proxy raping software will use 
the destination mail server's hostname / IP address in their HELO. To my 
knowledge, this has not blocked _any_ legitimate mail.

$ grep "Greeted me with my own hostname" /var/log/maillog |wc -l
6489

Cheers
Luke




More information about the plug mailing list