How to know if I'm blacklisted (SOLVED)

Glenn Steen glenn.steen at gmail.com
Sat Jan 19 16:30:59 GMT 2008 

On 19/01/2008, Steve Freegard <steve.freegard at fsl.com> wrote:
> Glenn Steen wrote:
> >> I've now learned it is legal to refuse them if they're syntactically invalid,
> >> because such a HELO would cause your server to violate format requirements for
> >> Received: headers.
> >>
> >> The rest, we're still exploring. It will be interesting to see where we end up.
> >>
> > Unfortunately, that is likely as far as we'll get... But that in and
> > of itself isn't bad... That one can use a cheap syntactical check to
> > refuse crud is ... very good indeed.
> > I'll give you some numbers, come Monday... There used to be quite a
> > few valid senders falling afoul of stuff like this, but ... a friendly
> > reminder to be RFC-compliant to the admin usually sorted that, so
> > now... It's (almost) only spammers falling afoul of this.
>
> This isn't too prevalent any more - these stats are from a large hosting
> provider for almost the last 2 days:
>
> 214-2.0.0 age=148851 (01 17:20:51)
> 214-2.0.0 004 CLIENTS=584847 (100.00%)
> 214-2.0.0 031 rfc2821-strict-helo=1840 (0.31%)
>
> And the top 10 HELO strings over the same period:
>
>       63 HELO billgates argument must be a FQDN or IP-domain literal
>       28 HELO 193.138.156.135 argument must be a FQDN or IP-domain literal
>       25 HELO mailing argument must be a FQDN or IP-domain literal
>       25 HELO 7E440737996447C argument must be a FQDN or IP-domain literal
>       20 HELO ZZWLINE argument must be a FQDN or IP-domain literal
>       20 HELO xc5 argument must be a FQDN or IP-domain literal
>       20 HELO tr4juyu argument must be a FQDN or IP-domain literal
>       20 HELO OEM-MICRO argument must be a FQDN or IP-domain literal
>       20 HELO image argument must be a FQDN or IP-domain literal
>       15 HELO sr-forever argument must be a FQDN or IP-domain literal
>
> But - it is still a good, cheap test as that is potentially 1840
> messages that didn't need to go through SpamAssassin.
Exactly my point:-).
Sure, other things may drop more, but as long as it drops some (and
yes, I've seen it declining in relative percentage too, although the
general increase of volume keep the amount about the same), it's worth
it.

>  Greeting pause is
> still better though (and almost as cheap):
>
> 214-2.0.0 037 smtp-greet-pause=7309 (1.25%)
But ... that was 1840 making it past greet_pause, so ... you really
don't know how many of those 7309 would've run afoul of the rfc
strictness... or not:-). The problem with stats, how to interprete
'em:-/.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list