Re: Mail Servers blocking BAD Helo

[Brandon Lee <lee.bran () gmail com>]

Hi all,

Thanks alot for the sharing of your experiences.

Well, i guess i would have to drop that BAD HELO implementation in the
form of business point of view.  However, what kinda spam filtering do
you guys think will be less resource intensive?  Currently im using
Spamassassin and its sitting together on the POP servers(as well as
webmail), however, it seems that too much spam mails are clogging up
the system resources.  im currently using qmail(with FEH patch) +
maildrop + vpopmail + spamassassin on the POP servers to d the
filterings.

The result of the previous trial did reflect a huge number of spam
mails coming directly to the MX servers because we have setup a remote
smtp server for our clients to sent out emails to avoid them using MS
email client connecting to MX to send emails directly(which will also
avoid MS email client's drawback of doing HELO with system name
instead of FQDN.

Last but not least, Happy New Year to you people.

Regards
Brandon


On Thu, 30 Dec 2004 17:15:58 -0500, Roger A. Grimes
<roger () banneretcs com> wrote:
> In my experiencing, too many MTA's don't comply.  Enforcing compliance
> resulted in too many lost legitimate emails over the last year for me,
> so I turned it off.  I was surprised by how many large and popular MTA's
> don't comply, and surprised by how much email my company was missing
> because I stuck to my guns for a year.  Not worth it.
>
> -----Original Message-----
> From: Anthony J. Cogan [mailto:anthony.cogan () thinkunix com]
> Sent: Thursday, December 30, 2004 1:44 PM
> To: brandon () xcodes net
> Cc: security-basics () securityfocus com
> Subject: Re: Mail Servers blocking BAD Helo
>
> Well the technical side of me says if they do not conform to the SMTP
> RFC's then it's the ISP's fault....
>
> However, the business side of me says you must keep your customers
> happy, they are the ones thay pay your salary and all your toys.  Even
> if it means not implementing something because another vendor isn't
> doing something right.
>
> If you are an ISP, your customers demand and should expect reliable
> e-mail communications.
>
> We have our SPAM filters turned quite high and blocking the majority of
> foreign countries, but we have a couple customers that require email
> to/from specific countries, so we have opened up those specific needs.
>
> If your customer can't receive e-mail from someone they wish to
> communicate with, they will leave your business for someone who will
> provide them the service.  They don't know about, nor do they care about
> RFC conformity, they just want their e-mail.
>
> It's a delicate balance.
>
> brandon () xcodes net wrote:
>
> > Hi People,
> >
> > Not quite sure if this is OT but would require opinions to assist me in
>
> > making decision of whether to block "BAD HELO" at SMTP level.  Below is
>
> > a brief desciption of the situation:
> > My company's mail server are reciving alot of spams with non-DQDN HELO
> > greetings during the smtp conversation.  We are using 2 front-end MX
> > servers whcih does smtp routes to the relevant POP servers.  We have
> > actually tried to implement blocking of all helo greetings that are not
>
> > in FQDN format on one of the servers and the result seems to be good.
> > However, the only problem that we faced is there other other ISP ain't
> > using FQDN in their HELO greetings.
> >
> > We do have a couple of clients who are complaining that they are unable
>
> > to receive mails from certain ISPs, which from our checks in the SMTP
> > logs, the servers are using "MySMTP1" sort of HELO greetings.
> >
> > Now my management are asking me on this issue if we should fully
> > implement such feature across the other MX servers or should we
> > withdraw such feature fully from the MX servers.  From my readings on
> > the SMTP RFCs, they have indicated that SMTP servers must configure its
>
> > hostname to FQDN which will be used in HELO Greetings(if im not wrong).
>
> > Im also wondering if there are any other ISP using such
> > implementation(Blocking BAD HELO greetings) on their SMTP Servers, any
> > idea?
> >
> > Would welcome all opinions on this issue.
> >
> > Thanks
> > Brandon


-- 
rgds
Brandon