Byteplant Forum

HELO and IP Matching? [message #1066] Thu, 03 March 2005 20:05
smorris
Messages: 10
Registered: December 2004
Junior Member
Is there a way to test whether the HELO/EHLO domain name matches the IP address and PTR record that are coming in?



Scott Morris
swm@emanon.com
Re: HELO and IP Matching? [message #1067 is a reply to message #1066] Fri, 04 March 2005 10:32
support
Messages: 919
Registered: April 2004
Senior Member
What should we compare? SMTP does not require that the HELO name and the real hostname have anything to do with each other, so rejecting a mail if they do not match would block lots of legit mail as well.

So some small positive spam score would be in order, and this seems to be exactly what SpamAssassin is doing already. It looks as if the rules in the file 20_fake_helo_tests.cf do RDNS lookups. They have scores in the range of 1 to 2 points.



Customer Support
Byteplant GmbH
Re: HELO and IP Matching? [message #1068 is a reply to message #1067] Fri, 04 March 2005 14:41
smorris
Messages: 10
Registered: December 2004
Junior Member
I don't care about the real hostname. What I care about is whether the IP address that is actually talking to me matches the HELO entry... this is an important thing for folks who are spamming where the PTR entries often don't give the same information as the HELO.

I suppose I could also just up the points on that entry... Just gotta remember to do it again with every upgrade! :)



Scott Morris
swm@emanon.com
Re: HELO and IP Matching? [message #1069 is a reply to message #1067] Fri, 04 March 2005 15:05
smorris
Messages: 10
Registered: December 2004
Junior Member
Ok... So where do I modify that score?



Scott Morris
swm@emanon.com
Re: HELO and IP Matching? [message #1070 is a reply to message #1069] Fri, 04 March 2005 15:15
support
Messages: 919
Registered: April 2004
Senior Member
All scores are set in 50_scores.cf, but you can override them in other files. If you put your overrides into local.cf, they will even survive upgrades. Like this:

score FAKE_HELO_AOL 5.6
score FAKE_HELO_YAHOO_CA 27.0
...



Customer Support
Byteplant GmbH
Re: HELO and IP Matching? [message #1071 is a reply to message #1070] Sat, 05 March 2005 00:17
smorris
Messages: 10
Registered: December 2004
Junior Member
Yeah... Ok, found that... but looking at the CD with the HELO items in it, those are each for specific domain structures of places that shouldn't really house e-mail servers.

It's not really anything about a basic IP-level check for whether the HELO given resolves back to the IP address that shows up in the source field of IP packets for the current connection. (Or PTR of the IP matching the HELO name)

Hmmmm...



Scott Morris
swm@emanon.com
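
Added example, not part of the original thread and not CleanMail or SpamAssassin code: a sketch of the check discussed above (does the HELO name resolve to the connecting IP, and does the IP's PTR match the HELO name), scored rather than rejected as support suggests. The function names, finding labels, weights and the inline DNS tables are assumptions constructed for illustration; a real filter would query a resolver instead.

```python
import ipaddress

# Constructed DNS data so the example runs offline (documentation ranges only).
FORWARD = {  # HELO name -> A records
    "mail.example.org": ["192.0.2.10"],
    "mx.example.net": ["198.51.100.7"],
}
REVERSE = {  # connecting IP -> PTR names
    "192.0.2.10": ["mail.example.org"],
    "198.51.100.7": ["host7.isp.example"],
    "203.0.113.5": [],
}
# Hypothetical weights, kept small because SMTP does not require a match.
SCORES = {"HELO_NOT_RESOLVING_TO_PEER": 1.5, "PTR_HELO_MISMATCH": 1.0,
          "NO_PTR": 1.0, "HELO_LITERAL_MISMATCH": 2.0,
          "HELO_LITERAL_INVALID": 2.0}

def _norm(name):
    # DNS names compare case-insensitively; drop any trailing root dot.
    return name.strip().rstrip(".").lower()

def helo_findings(helo, peer_ip, forward=FORWARD, reverse=REVERSE):
    """Return mismatch labels for one SMTP connection (empty list = consistent)."""
    peer = ipaddress.ip_address(peer_ip)
    helo = helo.strip()
    # An address literal such as [192.0.2.10] is legal in HELO: compare directly.
    if helo.startswith("[") and helo.endswith("]"):
        literal = helo[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            ok = ipaddress.ip_address(literal) == peer
        except ValueError:
            return ["HELO_LITERAL_INVALID"]
        return [] if ok else ["HELO_LITERAL_MISMATCH"]
    name, findings = _norm(helo), []
    # Forward check: does the HELO name resolve to the address talking to us?
    if peer not in {ipaddress.ip_address(a) for a in forward.get(name, [])}:
        findings.append("HELO_NOT_RESOLVING_TO_PEER")
    # Reverse check: does the peer's PTR record name the HELO host?
    ptrs = {_norm(p) for p in reverse.get(str(peer), [])}
    if not ptrs:
        findings.append("NO_PTR")
    elif name not in ptrs:
        findings.append("PTR_HELO_MISMATCH")
    return findings

def helo_score(helo, peer_ip):
    return sum(SCORES[f] for f in helo_findings(helo, peer_ip))
```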