Home page logo
/

basics logo Security Basics mailing list archives

RE: Mail Servers blocking BAD Helo
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 30 Dec 2004 17:15:58 -0500

In my experiencing, too many MTA's don't comply.  Enforcing compliance
resulted in too many lost legitimate emails over the last year for me,
so I turned it off.  I was surprised by how many large and popular MTA's
don't comply, and surprised by how much email my company was missing
because I stuck to my guns for a year.  Not worth it. 

-----Original Message-----
From: Anthony J. Cogan [mailto:anthony.cogan () thinkunix com] 
Sent: Thursday, December 30, 2004 1:44 PM
To: brandon () xcodes net
Cc: security-basics () securityfocus com
Subject: Re: Mail Servers blocking BAD Helo

Well the technical side of me says if they do not conform to the SMTP
RFC's then it's the ISP's fault....

However, the business side of me says you must keep your customers
happy, they are the ones thay pay your salary and all your toys.  Even
if it means not implementing something because another vendor isn't
doing something right.

If you are an ISP, your customers demand and should expect reliable
e-mail communications.

We have our SPAM filters turned quite high and blocking the majority of
foreign countries, but we have a couple customers that require email
to/from specific countries, so we have opened up those specific needs.

If your customer can't receive e-mail from someone they wish to
communicate with, they will leave your business for someone who will
provide them the service.  They don't know about, nor do they care about
RFC conformity, they just want their e-mail.

It's a delicate balance.

brandon () xcodes net wrote:

Hi People,

Not quite sure if this is OT but would require opinions to assist me in

making decision of whether to block "BAD HELO" at SMTP level.  Below is

a brief desciption of the situation:
My company's mail server are reciving alot of spams with non-DQDN HELO 
greetings during the smtp conversation.  We are using 2 front-end MX 
servers whcih does smtp routes to the relevant POP servers.  We have 
actually tried to implement blocking of all helo greetings that are not

in FQDN format on one of the servers and the result seems to be good.
However, the only problem that we faced is there other other ISP ain't 
using FQDN in their HELO greetings.

We do have a couple of clients who are complaining that they are unable

to receive mails from certain ISPs, which from our checks in the SMTP 
logs, the servers are using "MySMTP1" sort of HELO greetings.

Now my management are asking me on this issue if we should fully 
implement such feature across the other MX servers or should we 
withdraw such feature fully from the MX servers.  From my readings on 
the SMTP RFCs, they have indicated that SMTP servers must configure its

hostname to FQDN which will be used in HELO Greetings(if im not wrong).

Im also wondering if there are any other ISP using such 
implementation(Blocking BAD HELO greetings) on their SMTP Servers, any 
idea?

Would welcome all opinions on this issue.

Thanks
Brandon

 



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]