[Greylist-users] HELO

Eric S ejs at bfd.com
Mon Jul 21 09:33:40 PDT 2003


On Mon, 21 Jul 2003, Alan Batie wrote:

> I've been getting a flood of porn ads leaking through even greylisting
> lately.  They're using my address as both the to/from.  I can't have
> spamassassin block that pattern because of mail from cron jobs, but
> I notice that they're using my hostname on the Received headers too:

I haven't looked over the autowhitelisting code, but it's possible that if
you send email to yourself, you set up an autowhitelisting entry that's
letting this stuff through, if it doesn't key off of the IP address
somehow.  The simplest solution would be to prevent autowhitelisting when
the env-from domain is equal to the rcpt-to domain, on the assumption that
if we'd whitelist the domain going out, it's probably manually whitelisted
on the way back in.

Also, my (not yet available) alternate greylisting implementation tells
them to take a hike if it isn't a local injection (as determined by IP
address) and they HELO with either an unbracketed IPv4 address, my
domain name, or a name that is neither a FQDN nor a single part that
matches the leftmost part of the rDNS.  At some point in the near future,
I might even check to see if the HELO parameter resolves, though you have
to be ready to drop the leftmost part off of the domain.

Then again, if we can get enough momentum behind DHVP, that will take care
of all HELO validations right there.

As a final note, unrelated to your request, my greylisting implementation
suffered a slight setback this weekend.  I started redesigning the
mechanism I use to track rejection type/reasons, and it quickly turned
into a tangled mess.  I'll be placing my implementation on my vanity
domain as soon as I get that mess worked out.
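
Added example, not part of the original message and not the poster's unreleased implementation: a Python sketch of the HELO policy described above (reject non-local clients that HELO with a bare IPv4 address, the receiving site's own name, or a name that is neither an FQDN nor the leftmost label of the client's rDNS). The names `LOCAL_NAMES` and `LOCAL_NETS`, the sample networks, and the choice to accept a bracketed IPv4 literal are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed site settings (constructed values, RFC 5737 / example.org ranges).
LOCAL_NAMES = {"example.org", "mail.example.org"}
LOCAL_NETS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.0.2.0/24")]
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_local_injection(client_ip):
    """Local injection is decided purely by the connecting IP address."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in LOCAL_NETS)


def is_bare_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def is_fqdn(name):
    """At least two valid labels, and the last one is not purely numeric."""
    labels = name.split(".")
    return (len(labels) >= 2 and all(LABEL.match(l) for l in labels)
            and not labels[-1].isdigit())


def helo_verdict(helo, client_ip, rdns):
    """Return (accept, reason) for a HELO argument under the rules above."""
    if is_local_injection(client_ip):
        return True, "local injection"
    name = helo.strip().lower().rstrip(".")
    if is_bare_ipv4(name):
        return False, "unbracketed IPv4 address"
    # Assumption: a correctly bracketed IPv4 literal is allowed through.
    if name.startswith("[") and name.endswith("]") and is_bare_ipv4(name[1:-1]):
        return True, "bracketed address literal"
    if name in LOCAL_NAMES:
        return False, "remote client claims to be this site"
    if is_fqdn(name):
        return True, "FQDN"
    rdns_host = (rdns or "").lower().split(".")[0]
    if rdns_host and name == rdns_host:
        return True, "single label matches rDNS host part"
    return False, "neither FQDN nor rDNS host label"
```

The check is purely syntactic plus one rDNS comparison; resolving the HELO name, which the message mentions as a possible later step, is not attempted here.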


