Re: anti-UCE efficacy of smtpd_helo_required

[Rob Foehl <rwf@xxxxxxxxxxxx>]

On Fri, 1 Oct 2004, /dev/rob0 wrote:

> FWIW (re: anti-UCE) I've been watching, and sbl-xbl.spamhaus.org is
> doing a fantastic job. Many thanks to the spamhaus and CBL and
> Blitzed.org people. Still some spam is getting through, but the
> customer is delighted with the improvement.
While we're on the subject..  Spamhaus' combined list is excellent, 
list.dsbl.org is a pretty solid choice as well.  There are a few good helo 
checks to use beyond smtpd_helo_required: reject_invalid_hostname is 
pretty safe, and reject_non_fqdn_hostname is nice, but tends to require 
occasional whitelisting when dealing with braindead MUAs and/or 
postmasters.
Use something like this in a PCRE map with check_helo_access:

/^\d{1,3}(\.\d{1,3}){3}$/       501 Syntax error in hostname

An awful lot of spamware seems to helo with a bare IP address.  I also 
reject anything that looks like one of my hostnames or localhost, any of 
my IPs (including 127.0.0.1) in brackets, and a few of the common 
forgeries like bare 'aol.com' or 'compuserve.com'.
warn_if_reject everything until you're comfortable with it, of course.

-Rob