On Thu, 28 Aug 2003, Marc G. Fournier wrote:
>
> 'k, I'm using Postfix here ... there are a whack of 'anti-*' checks that I
> *can* enable that deal with reverse DNS and a bunch of other things, but I
> found when I tried that ages back that there was a lot of mail being
> rejected from legit sources :(
Hmmm...I don't mail much but that would bounce me out the door I believe. Of
course I could [and probably should] configure things so that the mail hub uses
the right address to get the reverse lookup to succeed but that makes my setup
less logical regarding interface bindings and names.
--
Nigel J. Andrews
>
> On Wed, 27 Aug 2003, Richard Welty wrote:
>
> > On Wed, 27 Aug 2003 19:55:36 -0300 (ADT) "Marc G. Fournier" <scrappy@hub.org> wrote:
> >
> > >
> > > I've just moved some anti-virus/anti-spam checks a bit closer to the
> > > source, and am now rejecting the following before it even gets to the
> > > anti-virus checking, and/or majordomo:
> >
> > i don't know what MTA you're using, but if it supports syntax checks on the
> > HELO/EHLO strings, you might want to look at blocking strings that don't
> > include a "." in the middle. the RFCs require this to be either an FQDN or
> > a literal IP, and most of the virus stuff is coming from M$ hosts that use
> > the BIOS name (not a FQDN) in their HELO strings.
> >
> > i found i could reject the bulk of the Sobig stuff after receiving a HELO.
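
The HELO/EHLO syntax check discussed in the thread, as an added example that is not part of any of the original messages: it classifies the argument as an FQDN, a bracketed address literal, or something else (bare host name, unbracketed IP, malformed label) and picks a reply. The function names, the sample commands and the choice of 501/504 reply codes are assumptions made for this sketch.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify_helo(arg):
    """Return 'fqdn', 'address-literal', 'bare-ip', 'single-label' or 'malformed'."""
    arg = arg.strip()
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        try:
            if inner.lower().startswith("ipv6:"):
                ipaddress.IPv6Address(inner[5:])
            else:
                ipaddress.IPv4Address(inner)
            return "address-literal"
        except ValueError:
            return "malformed"
    try:
        ipaddress.ip_address(arg)
        return "bare-ip"  # contains dots, but is not a bracketed literal
    except ValueError:
        pass
    labels = arg.rstrip(".").split(".")
    if not all(LABEL.match(label) for label in labels):
        return "malformed"
    return "fqdn" if len(labels) >= 2 else "single-label"

def helo_policy(line):
    """Return (smtp_code, reason) for one HELO/EHLO command line."""
    parts = line.split(None, 1)
    if len(parts) != 2 or parts[0].upper() not in ("HELO", "EHLO"):
        return 501, "missing or invalid HELO/EHLO argument"
    kind = classify_helo(parts[1])
    if kind in ("fqdn", "address-literal"):
        return 250, kind
    return 504, kind  # reply code chosen for this sketch

# Constructed sample commands, not taken from real traffic.
SAMPLES = ["HELO mail.example.org", "EHLO [192.0.2.25]", "HELO DESKTOP01",
           "HELO 192.0.2.25", "EHLO bad_name.example.org", "HELO"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", helo_policy(sample))
```

Note that a plain "contains a dot" test would accept `HELO 192.0.2.25`; classifying the argument separates that case from a real FQDN or a bracketed literal.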