Subject: Re: Spam suggestion...
To: None <current-users@netbsd.org>
From: Wolfgang S. Rupprecht <wolfgang+gnus20040222T121514@dailyplanet.dontspam.wsrcc.com>
List: current-users
Date: 02/22/2004 12:21:29

seebs@plethora.net (Peter Seebach) writes:
> In message <20040222131528.GK11328@phaeton.entropie.net>, Martin Weber writes:
>>I.e. lock out anyone with a private network who happened to name
>>her machines as she liked, and didn't have the money to buy a
>>global name? This sounds microsoftish :) (Or those who happened
>>to name their private network, but were not quick enough to buy
>>the domain, and thus their name is resolvable yet points to another
>>IP, like in my case [entropie.net])
>
> No problem.  HELO as your real address.
>
>>Sorry, but this brutal scalpel method doesn't really help us.
>
> Yes, it does.  There is no sysadmin incapable of providing valid reverse
> DNS, and this simple filter gets rid of a very large quantity of spam.

If the person is using sendmail there are even client-flags and
daemon-flags that set the HELO string to correspond with the rDNS on
the outgoing interface.  Folks that are multiply homed (or even on
dynamic IPs) should be able to use that to get the right HELO.  Well,
that assumes that folks have valid rDNS I suppose...

I don't yet check if rDNS matches with the HELO.  Just insisting that
the rDNS exists and corresponds with the forward DNS kills 50% of my
spam.  My 18hr numbers are:

 Count	Percent	Description

  1551	52.38	Client host rejected: cannot find your hostname, [X.X.X.X]
  1017	34.35	Client host rejected: Please use your provider's mail server
   223	 7.53	Service unavailable; Client host [X.X.X.X] blocked using dnsbl.sorbs.net
    66	 2.23	Service unavailable; Client host [X.X.X.X] blocked using bl.spamcop.net
    22	 0.74	Helo command rejected: Host not found

(At this point in time, when I get less than 7,000 spam attempts per
day it is a good day.)

-wolfgang
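
The check described in the message above (rDNS must exist and correspond with the forward DNS, and the HELO name must resolve), as an added example that is not part of the original post and not any mail server's own code. The function names and the constructed DNS tables are assumptions; the rejection strings are copied from the table in the message.

```python
import ipaddress
import socket

def live_ptr(ip):
    """PTR names for ip via the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:          # herror/gaierror: no reverse mapping
        return []

def live_addrs(name):
    """A/AAAA addresses for name via the system resolver ([] if none)."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except (OSError, UnicodeError):   # NXDOMAIN, or a malformed client-supplied name
        return []

def _same(client, text):
    try:
        return ipaddress.ip_address(text) == client
    except ValueError:
        return False

def check_client(ip, helo, ptr=live_ptr, addrs=live_addrs):
    """Return None to accept, else the rejection text (strings from the table above)."""
    client = ipaddress.ip_address(ip)
    # A PTR alone proves nothing: one of its names must resolve back to the client IP.
    confirmed = any(_same(client, a)
                    for name in ptr(ip)
                    for a in addrs(name.rstrip(".")))
    if not confirmed:
        return f"Client host rejected: cannot find your hostname, [{ip}]"
    # HELO only has to resolve; it is not compared with the rDNS name here.
    if not addrs(helo.rstrip(".")):
        return "Helo command rejected: Host not found"
    return None

# Constructed DNS data (documentation address ranges), so the demo runs offline.
PTR = {"192.0.2.10": ["mail.example.org."], "192.0.2.66": ["mx.example.com"]}
A = {"mail.example.org": ["192.0.2.10"], "mx.example.com": ["198.51.100.7"]}
def fake_ptr(ip):
    return PTR.get(ip, [])
def fake_addrs(name):
    return A.get(name.lower(), [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.99", "192.0.2.66"):
        print(ip, "->", check_client(ip, "mail.example.org", fake_ptr, fake_addrs) or "accept")
```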