Reducing Spam - HELO checking
While stopping spam is a pipe dream, you can tighten up your system so a little less gets in.
This is a technical FAQ mainly to remind support how to do it. Please contact support if you want this enabled, as we don't expect you to make this level of change to your system.
When machines transfer E-Mail they have a little 'chat' to say who is who and what is going to happen. One of the steps is to say HELO. Most of the time this is valid, but spammers often send an invalid HELO, which can be checked and blocked.
After enabling HELO checking, the logs for a 6 day period show:

Exim statistics from 2008-03-26 22:58:28 to 2008-03-31 11:03:34

| Messages | Mail rejection reason |
|---|---|
| 268 | Rejected HELO/EHLO: syntactically invalid argument |
| 20 | Rejected EHLO: Your server announces itself ... |
It helps a little - with very low overhead.
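To enable it, add the following to /usr/local/etc/exim.configure:

```
# Insert this in the acl spec near the top
acl_smtp_helo = check_helo

# Insert this in the acl definitions.
check_helo:
  # The regexes are wrapped in \N...\N so that Exim's string expansion
  # leaves the backslashes and the $ alone. Without that, "\." reaches
  # the regex engine as a bare "." and matches any character.

  # Reject a HELO name that contains no dot at all.
  deny message   = Your server announcement ($sender_helo_name) \
                   is a single word rather than a FQDN. This is \
                   in breach of RFC2821
       condition = ${if match {$sender_helo_name} \
                   {\N\.\N} {no}{yes}}

  # Reject a HELO name that is nothing but a dotted-quad IP address.
  deny message   = Your server announces itself \
                   ($sender_helo_name) with a plain \
                   IP address which is in breach of RFC2821.
       condition = ${if match {$sender_helo_name}\
                   {\N^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$\N}\
                   {yes}{no}}

  accept
```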
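Before switching the ACL on, it is useful to know how much of the mail you currently accept would be turned away. The script below is an added example, not part of the original FAQ: it pulls the HELO name out of the `H=` field of Exim main log lines and applies the same two rules in the same order. The function names are hypothetical and the sample log lines are constructed.

```python
import re
from collections import Counter

# Python equivalents of the two regexes used in check_helo.
HAS_DOT = re.compile(r"\.")
BARE_IPV4 = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$")
# Exim logs the peer as "H=rdns.name (helo) [ip]", "H=(helo) [ip]" or "H=name [ip]".
H_FIELD = re.compile(
    r" H=(?:(?P<rdns>[^\s()]+) )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]")

def helo_from_log(line):
    """Return the HELO name recorded on a log line, or None if there is none."""
    m = H_FIELD.search(line)
    if not m:
        return None
    # When only one name is logged, the HELO name equalled the verified host name.
    return m.group("helo") if m.group("helo") is not None else m.group("rdns")

def verdict(helo):
    """Apply the ACL statements in order; the first matching deny wins."""
    if not HAS_DOT.search(helo):
        return "deny: single word"
    if BARE_IPV4.match(helo):
        return "deny: plain IP"
    return "accept"

def dry_run(lines):
    """Count what the ACL would have done to each logged HELO name."""
    tally = Counter()
    for line in lines:
        helo = helo_from_log(line)
        if helo is not None:
            tally[verdict(helo)] += 1
    return tally

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    "2008-03-27 10:00:01 1JeAAA-0000aa-01 <= a@example.org H=mail.example.org [192.0.2.10] P=esmtp S=2100",
    "2008-03-27 10:00:05 1JeAAB-0000ab-02 <= b@example.net H=(localhost) [192.0.2.20] P=smtp S=900",
    "2008-03-27 10:00:09 1JeAAC-0000ac-03 <= c@example.com H=host.example.com (192.0.2.30) [192.0.2.30] P=esmtp S=1500",
    "2008-03-27 10:00:12 1JeAAD-0000ad-04 <= d@example.com H=([192.0.2.40]) [192.0.2.40] P=esmtp S=1800",
    "2008-03-27 10:00:13 1JeAAD-0000ad-04 => e@example.org R=localuser T=local_delivery",
]

if __name__ == "__main__":
    for outcome, count in sorted(dry_run(SAMPLE_LOG).items()):
        print(f"{count:5d}  {outcome}")
```

A bracketed address literal such as `[192.0.2.40]` contains dots and does not match the bare-IP pattern, so these two rules let it through.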