SLUG Mailing List Archives
Re: [SLUG] HELO/EHLO FQDN problems accessing slug lists (was: squid auth with winbind)
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] HELO/EHLO FQDN problems accessing slug lists (was: squid auth with winbind)
- From: Jeff Waugh <jdub@xxxxxxxxxxxxxx>
- Date: Sat, 31 May 2003 00:46:10 +1000
- User-agent: Mutt/1.5.4i
<quote who="James Gray">
> I guess I'm lucky - I run my own mail server so the fix was about 5
> minutes of googling and one line added to a config file. But I think (in
> light of the RFC's and my experience) any security or filtering scheme
> based on EHLO/HELO responses from clients is really quite useless. It is
> trivial to send out whatever I want - hell, I could masquerade as
> slug.org.au if I wanted to!
It's not EHLO/HELO response filtering causing your problems , it is the
lack of reverse DNS for your client MTA. Setting up DNS correctly is
important and fairly crucial, so it is a good barrier to entry for spammers.
It has caused only a few subscribers to have trouble posting, and they've
been able to fix their unhappy DNS setup pretty quickly.
It has been in place for quite a while now, but I'm watching and reviewing
its effects. If it turns out to be a problem for more people than it has so
far, it will go.
[ If anyone has a very serious problem with it and can't post to the list, I
will probably see your mails getting blocked anyway, but please mail me at
jdub@xxxxxxxxxxxxxx -> my mail host for that address isn't as strict as the
SLUG machine. :-) ]
 Although we do reject mails with specifically bogus HELO data, such as
"aol.com" (which isn't what any aol.com server reports, only spammers use
it). This kills a whole stack of spammage before it can even get to the
linux.conf.au 2004: Adelaide, Australia http://lca2004.linux.org.au/
"NASCAR is not race per se. It's just a contest about who can turn left
the best." - Unknown