how to prevent fake email to enter my domain?

Glenn Steen glenn.steen at gmail.com
Fri Jan 26 20:21:56 CET 2007


On 26/01/07, Michael Masse <mrm at medicine.wisc.edu> wrote:
> >>> On 1/26/2007 at 4:04 AM, in message
> <Pine.LNX.4.64.0701262000570.5146 at ebfjryy.nhfvpf.arg>, Res
> <res at ausics.net>
> wrote:
> > You should use a helo check, if you use sendmail use the
> block_bad_helo
> > hack for 8.13.x,   8.14.x will have this as a feature, along with
> require
> > rdns.
>
> The Block_bad_helo hack works excellent, except there are a few
> legitimate senders out there with badly configured servers that send
> things like localhost during helo, so you have no choice but to
> whitelist some of these senders.    Sendmail-speak is not the easiest
> thing to decipher, so make sure you know how to whitelist bad helos
> before implementing it.
>
> Mike
Preempting Res normal (and justified... Yeah, I'm well into my first
half-bottle of red, no inhibitions:-) reaction to this argument...
Which would be along the line "If they're that stoopid they _should_
be dropped... Unless it affects a paying customer in a really bad
way"... I tend to think along the same lines, but scratch the last
part. If it is an issue, contact them, inform them that it is in
violation of RFC to do this... And if they fail to comply, well... Be
damned:-).
I've _never_ had any legitimate (business) sender that has failed to
see the light, when their error has been pointed out to them... ever.
On the contrary, most have (rather politely:) asked me to pass them
the brown bag:-D.

But enabling "RFC strictness" do mean one has to at least keep a
fraction of an eye on it.

(literally this time:) Cheers fellows
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list