Re: EHLO/HELO [was blacklists]
On Friday 10 December 2004 00:39, Mark Bucciarelli <mark@easymailings.com>
wrote:
> I've recently turned on EHLO/HELO validation and am encouraged by how
> effective it is. WIth RBL's (spamcop and dnsbl) and SpamAssassin 3, only
> 88% of spam was stopped. So far, it's 100%. (This is a _very_ small
What exactly do you mean by EHLO/HELO validation?
In my postfix configuration I have:
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
reject_non_fqdn_hostname, reject_unknown_sender_domain
I tried out "reject_unknown_hostname" but had to turn it off, too many
machines had unknown hostnames.
For example a zone foo.com has a SMTP server named postfix1 and puts
postfix1.foo.com in the EHLO command but has an external DNS entry of
smtp.foo.com. Such a zone is moderately well configured and there are too
many such zones to block them all. The other helo restrictions get enough
non-spam traffic.
Using reject_unknown_hostname would get close to blocking 100% of spam, but
that's because it would block huge amounts of non-spam email.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: