Re: Mail Servers blocking BAD Helo

From: Steven Moix - Axianet.ch (steven.moix_at_axianet.ch)
Date: 12/30/04

    To: <security-basics@securityfocus.com>
    Date: Thu, 30 Dec 2004 19:48:52 +0100
    
    

    I faced the same problem. My opinion is that you should be as RFC-close as
    possible on the mail servers; this avoids a lot of bad messages.

    Like you said, the problem is that people often don't correctly configure
    some scripts to send e-mails via webpages. You should simply write a kind
    message to the administrator of that domain to make him aware of this
    problem; it's often corrected in 5 minutes, and in doing so you help other
    people at the same time.

    Information for a better world ;)

    ----- Original Message -----
    From: <brandon@xcodes.net>
    To: <security-basics@securityfocus.com>
    Sent: Thursday, December 30, 2004 7:55 AM
    Subject: Mail Servers blocking BAD Helo

    > Hi People,
    >
    > Not quite sure if this is OT but would require opinions to assist me in
    > making a decision on whether to block "BAD HELO" at SMTP level. Below is
    > a brief description of the situation:
    > My company's mail servers are receiving a lot of spam with non-FQDN HELO
    > greetings during the SMTP conversation. We are using 2 front-end MX
    > servers which do SMTP routes to the relevant POP servers. We have
    > actually tried to implement blocking of all HELO greetings that are not
    > in FQDN format on one of the servers and the result seems to be good.
    > However, the only problem that we faced is that there are other ISPs
    > that aren't using FQDN in their HELO greetings.
    >
    > We do have a couple of clients who are complaining that they are unable
    > to receive mails from certain ISPs, which from our checks in the SMTP
    > logs, the servers are using "MySMTP1" sort of HELO greetings.
    >
    > Now my management are asking me on this issue if we should fully
    > implement such a feature across the other MX servers or should we
    > withdraw such a feature fully from the MX servers. From my readings of
    > the SMTP RFCs, they have indicated that SMTP servers must configure their
    > hostname as an FQDN which will be used in HELO greetings (if I'm not
    > wrong). I'm also wondering if there are any other ISPs using such an
    > implementation (blocking BAD HELO greetings) on their SMTP servers, any
    > idea?
    >
    > Would welcome all opinions on this issue.
    >
    > Thanks
    > Brandon
    >
    >
    >
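
An added example, not part of the original messages: a Python script that classifies the HELO arguments found in SMTP logs, so the effect of an FQDN-only policy (which legitimate senders it would turn away) can be measured before it is enforced on every MX. The log format, function names and sample lines are constructed for illustration; address literals such as `[198.51.100.4]` are counted as acceptable here because RFC 2821 permits them when a client has no meaningful name.

```python
import ipaddress
import re
from collections import Counter

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Hypothetical log format, constructed for this example (not any real MTA's).
LOG_LINE = re.compile(r"client=(?P<ip>\S+) helo=(?P<helo>\S*)")

def classify_helo(arg):
    """Return 'fqdn', 'address-literal', 'bare-name' or 'invalid'."""
    if arg.startswith("[") and arg.endswith("]"):
        body = arg[1:-1]
        body = body[5:] if body.lower().startswith("ipv6:") else body
        try:
            ipaddress.ip_address(body)
            return "address-literal"
        except ValueError:
            return "invalid"
    name = arg[:-1] if arg.endswith(".") else arg  # tolerate a trailing dot
    labels = name.split(".")
    if not name or len(name) > 253 or not all(LABEL.match(l) for l in labels):
        return "invalid"
    if len(labels) < 2:
        return "bare-name"  # single label, e.g. "MySMTP1"
    if labels[-1].isdigit():
        return "invalid"    # bare IP address sent without brackets
    return "fqdn"

def audit(lines):
    """Count HELO classes and map each would-be-rejected client IP to its HELOs."""
    counts, rejected = Counter(), {}
    for m in filter(None, map(LOG_LINE.search, lines)):
        kind = classify_helo(m.group("helo"))
        counts[kind] += 1
        if kind in ("bare-name", "invalid"):
            rejected.setdefault(m.group("ip"), set()).add(m.group("helo"))
    return counts, rejected

# Constructed sample lines (documentation address ranges, made-up names).
SAMPLE = [
    "client=192.0.2.10 helo=mail.example.org",
    "client=192.0.2.25 helo=MySMTP1",
    "client=198.51.100.4 helo=[198.51.100.4]",
    "client=203.0.113.9 helo=203.0.113.9",
    "client=203.0.113.77 helo=localhost",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running the audit over a few days of real logs gives the list of client IPs to contact or exempt before the check is switched from logging to rejecting.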

