Koozali.org: home of the SME Server

Obsolete Releases => SME 8.x Contribs => Topic started by: Bozely on June 04, 2013, 02:01:57 PM

Title: qmail badhelo block top level domain
Post by: Bozely on June 04, 2013, 02:01:57 PM

I have smeserver-wbl installed and have been adding entries to block various senders but I am finding emails continue to bypass the checks. At first I thought smeserver-wbl was not working but when examining the email headers found HELO sub domains are continually changing.

I was reading the below post regarding wildcards for badhelo entries so as to block all sub-domains of a top level domain

http://forums.contribs.org/index.php/topic,43688.msg208703.html#msg208703 (http://forums.contribs.org/index.php/topic,43688.msg208703.html#msg208703)

mail1.spammer.com
mail2.spammer.com
mail3.spammer.com

with a single entry like

spammer.com

pwalter suggested using the code found here

http://www.nntp.perl.org/group/perl.qpsmtpd/2004/06/msg1422.html

Could anyone shed some light on how to implement this solution or if you know of more suitable solutions to the issue?

Thanks,

Title: Re: qmail badhelo block top level domain
Post by: Knuddi on June 07, 2013, 10:04:46 PM

I am actually just now running some tests to see whether a incorrect HELO/EHLO command should be reason to reject mails. The SMTP standard requires the EHLO/HELO command to be following by a FQDN which for many spammers is not the case. I can unfortunately also see that some legitimate mails are sent with incorrect FQDN.

I am not sure that this will help much - the EHLO/EHLO command does not always reflect the sending domain, especially if the server hosts many domains.