[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: EHLO question



On Tue, Dec 02, 2003 at 12:24:28AM +0200, Matti Aarnio wrote:
> On Mon, Dec 01, 2003 at 02:24:54PM -0500, Grace He wrote:
...
> There are no runtime options to go with it to turn detected
> discrepancy to a rejection.    Ages ago I did consider doing
> just that, but way too many PCs gave bad hostnames even back
> then.  And it isn't reliable anti-spam measure, as large part
> of spammers are able to report correct IP reversals.

Just today at work (amongst other thing we were doing), I did
check at the smtpserver logs for couple usage problems.

I found a case, where a definite spamware is running at host H,
it sends out  MAIL FROM with address that is invented by picking
some joe-random localpart, and tagging last two segments of IP-
reversed hostname.  Those reversers just happen to be invalid,
so they were mighty easy to reject ;-)   Also, it sends precisely
correct  EHLO parameter hostname, that is, IP reversed lookup
result.

The same host (most likely), when a user is running an  Outlook Express
does send  "EHLO myfirstname"  which doesn't match up...
(For a John that would be 'EHLO john', that is.)

Go figure...

> > I am running zmailer 2.99.55 with solaris 8.
> > Thanks,
> > grace
> > -----------------------------------------------
> > Grace He - Sysadmin
> > Ryerson University - School of Computer Science	

/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi