Koozali.org: home of the SME Server

qmail badhelo block top level domain

Offline Bozely

qmail badhelo block top level domain
« on: June 04, 2013, 02:01:57 PM »
I have smeserver-wbl installed and have been adding entries to block various senders, but I am finding emails continue to bypass the checks. At first I thought smeserver-wbl was not working, but when examining the email headers I found the HELO sub-domains are continually changing.

I was reading the below post regarding wildcards for badhelo entries so as to block all sub-domains of a top level domain

http://forums.contribs.org/index.php/topic,43688.msg208703.html#msg208703

mail1.spammer.com
mail2.spammer.com
mail3.spammer.com

with a single entry like

spammer.com

pwalter suggested using the code found here

http://www.nntp.perl.org/group/perl.qpsmtpd/2004/06/msg1422.html

Could anyone shed some light on how to implement this solution or if you know of more suitable solutions to the issue?

Thanks,

Offline Knuddi

Re: qmail badhelo block top level domain
« Reply #1 on: June 07, 2013, 10:04:46 PM »
I am actually just now running some tests to see whether an incorrect HELO/EHLO command should be reason to reject mails. The SMTP standard requires the EHLO/HELO command to be followed by an FQDN, which for many spammers is not the case. I can unfortunately also see that some legitimate mails are sent with an incorrect FQDN.

I am not sure that this will help much - the EHLO/HELO command does not always reflect the sending domain, especially if the server hosts many domains.
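
The sub-domain match asked about in this thread, as an added example that is not part of either post and is not qpsmtpd's or smeserver-wbl's own code: a stand-alone Perl function that treats each badhelo-style entry as a domain suffix anchored on a label boundary. The function names, the sample list and the rule that skips single-label entries are assumptions of this example; wiring it into a plugin is not shown.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Normalise a HELO argument or a list entry:
# lower-case, trim whitespace, drop the trailing root dot.
sub normalise {
    my ($name) = @_;
    return '' unless defined $name;
    $name = lc $name;
    $name =~ s/^\s+|\s+$//g;
    $name =~ s/\.$//;
    return $name;
}

# Return 1 when $helo equals a listed domain or is a sub-domain of one.
# The comparison is anchored on a label boundary, so "spammer.com"
# covers "mail1.spammer.com" but not "notspammer.com".
sub helo_is_listed {
    my ($helo, @entries) = @_;
    my $host = normalise($helo);
    # Empty argument or address literal such as [192.0.2.10]: nothing to compare.
    return 0 if $host eq '' or $host =~ /^\[/;

    for my $entry (@entries) {
        my $bad = normalise($entry);
        $bad =~ s/^\.//;              # accept ".spammer.com" as well
        # Assumption of this example: skip empty and single-label entries
        # such as "com", which would match every host under that TLD.
        next unless $bad =~ /\./;

        return 1 if $host eq $bad;
        my $n = length $bad;
        return 1 if length($host) > $n
                 && substr($host, -($n + 1)) eq ".$bad";
    }
    return 0;
}

# Constructed sample data: list entries and HELO names seen in headers.
my @badhelo = ('spammer.com', '.Example.NET.', 'com');
my @seen    = qw(mail1.spammer.com MAIL3.Spammer.Com. spammer.com
                 notspammer.com mx.example.net [192.0.2.10] mail.example.org);

for my $helo (@seen) {
    printf "%-20s %s\n", $helo,
        helo_is_listed($helo, @badhelo) ? 'reject' : 'accept';
}
```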