Mail Servers blocking BAD Helo

brandon_at_xcodes.net
Date: 12/30/04

    Date: Thu, 30 Dec 2004 14:55:08 +0800
    To: security-basics@securityfocus.com
    
    

    Hi People,

    Not quite sure if this is OT but would require opinions to assist me in
    making a decision on whether to block "BAD HELO" at SMTP level. Below is
    a brief description of the situation:
    My company's mail servers are receiving a lot of spam with non-FQDN HELO
    greetings during the SMTP conversation. We are using 2 front-end MX
    servers which do SMTP routes to the relevant POP servers. We have
    actually tried to implement blocking of all HELO greetings that are not
    in FQDN format on one of the servers and the result seems to be good.
    However, the only problem that we faced is that there are other ISPs that
    aren't using FQDN in their HELO greetings.

    We do have a couple of clients who are complaining that they are unable
    to receive mails from certain ISPs, which from our checks in the SMTP
    logs, the servers are using "MySMTP1" sort of HELO greetings.

    Now my management are asking me on this issue if we should fully
    implement such a feature across the other MX servers or should we
    withdraw such a feature fully from the MX servers. From my readings on
    the SMTP RFCs, they have indicated that SMTP servers must configure their
    hostname to an FQDN, which will be used in HELO greetings (if I'm not
    wrong). I'm also wondering if there are any other ISPs using such an
    implementation (blocking BAD HELO greetings) on their SMTP servers, any
    idea?

    Would welcome all opinions on this issue.

    Thanks
    Brandon
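
The decision described in the message depends on which senders a syntax-only HELO rule would turn away. The Python sketch below is an added example, not part of the original post: it classifies HELO/EHLO arguments as FQDN, bracketed address literal (which the SMTP specification permits in place of a domain name) or bad, and lists the clients that would be rejected. The `<client-ip> HELO <argument>` log format and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Assumed log format (constructed for this example): "<client-ip> HELO <argument>"
LINE = re.compile(r"(\S+)\s+(?:HELO|EHLO)\s+(\S+)\s*", re.I)

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = ["192.0.2.10 HELO mail.example.com", "198.51.100.4 HELO MySMTP1",
              "198.51.100.4 HELO MySMTP1", "203.0.113.9 EHLO [203.0.113.9]",
              "203.0.113.77 HELO localhost", "192.0.2.55 HELO 192.0.2.55"]

def classify_helo(arg):
    """Return 'fqdn', 'address-literal' or 'bad' for a HELO/EHLO argument."""
    if arg.startswith("[") and arg.endswith("]"):
        body = arg[1:-1]
        try:
            if body.lower().startswith("ipv6:"):
                ipaddress.IPv6Address(body[5:])
            else:
                ipaddress.IPv4Address(body)
            return "address-literal"
        except ValueError:
            return "bad"
    name = arg[:-1] if arg.endswith(".") else arg
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return "bad"          # single label such as "MySMTP1" or "localhost"
    if not all(LABEL.fullmatch(label) for label in labels):
        return "bad"          # underscores, empty labels, stray characters
    if labels[-1].isdigit():
        return "bad"          # bare IP without brackets, e.g. 192.0.2.55
    return "fqdn"             # syntax only: no DNS lookup is performed

def audit(lines):
    """Count verdicts and map each rejected HELO string to the client IPs using it."""
    verdicts, rejected = Counter(), {}
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if not m:
            continue
        ip, arg = m.groups()
        verdict = classify_helo(arg)
        verdicts[verdict] += 1
        if verdict == "bad":
            rejected.setdefault(arg, set()).add(ip)
    return verdicts, rejected

if __name__ == "__main__":
    verdicts, rejected = audit(SAMPLE_LOG)
    print(dict(verdicts))
    for helo, clients in sorted(rejected.items()):
        print(f"would reject HELO {helo!r} from {sorted(clients)}")
```

Running this over existing logs before enabling the rule on further MX servers shows which HELO strings, and how many distinct clients, the rule would affect.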

