12/03/2008, 21h59
#4
Re: Trapping HELO randomization
Robert Bonomi wrote:
> In article <3760ae82-7ee8-42d4-ba59-9a5f2fa53d85@m44g2000hsc.googlegroups.com>,
> forrie@gmail.com <forrie@gmail.com> wrote:
>> Some BOTNETs connect with seemingly randomized HELO addresses. I
>> wonder if there's a means by which to deal with this (perhaps via a
>> Milter).
>
> milters can do _anything_. <grin>
>
> The only question is how much time you want to spend developing it.
It's already available:
http://www.benzedrine.cx/milter-regex.html
>
> Machines _should_ HELO with a FQDN for that machine, and it "should" match
> the rDNS for the connecting address.
>
> Insisting on an rDNS match will drop significant amounts of 'legitimate' mail.
>
> Doing some basic 'sanity checks' on the HELO string -- e.g. rejecting any
> outside machine that HELOs as _your_ network, disallowing anything that
> starts with an '-', is all-numeric, looks like a dotted quad {with or without
> surrounding brackets}, an unqualified 'localhost' or 'localhost@localdomain',
> requiring at least 1 dot in the string, and that there be a valid TLD _after_
> the last dot -- =will= trap a lot of bad stuff, with only a _very_rare_ impact
> on legitimate mail.
>
snarfit.net
admin@snarfit.net
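The HELO sanity checks Robert lists above (outside host claiming one of your own names, leading '-', all-numeric, dotted quad with or without brackets, bare localhost, no dot, no plausible TLD) collected into one function, as an added example that is not code from the thread or from milter-regex. OUR_HOSTNAMES, the sample HELO strings and the optional known_tlds set are all constructed for illustration; a real deployment would take the local names from its own config and the TLD list from IANA, and would express the same rules as milter-regex rules against the HELO string.

```python
import re

# Constructed local policy (assumption, not from the post): names this server
# would legitimately use in its own HELO.  An outside peer claiming one of
# them is lying about who it is.
OUR_HOSTNAMES = {"mail.example.org", "example.org"}

# Dotted quad, optionally wrapped in the [] of an RFC 5321 address literal.
DOTTED_QUAD_RE = re.compile(r"^\[?\d{1,3}(?:\.\d{1,3}){3}\]?$")
# A plausible TLD: two or more letters.  Real TLDs are letters only.
TLD_RE = re.compile(r"^[A-Za-z]{2,}$")


def check_helo(helo, peer_is_outside=True, our_hostnames=OUR_HOSTNAMES,
               known_tlds=None):
    """Return None if the HELO/EHLO argument passes the sanity checks,
    otherwise a short reason string suitable for a 5xx reply or a log line.

    peer_is_outside: False for connections from our own network, where a
    HELO matching one of our names is expected rather than suspicious.
    known_tlds: optional set of lowercase TLDs (e.g. loaded from the IANA
    list); when given, the label after the last dot must be in it.
    """
    h = helo.strip()
    if not h:
        return "empty HELO"
    low = h.lower()

    # 1. An outside machine HELOing as one of *our* names (or a host under them).
    if peer_is_outside:
        for name in our_hostnames:
            n = name.lower()
            if low == n or low.endswith("." + n):
                return "outside host HELOs as our own name %r" % h
    # 2. A hostname label may not begin with '-'.
    if h.startswith("-"):
        return "starts with '-'"
    # 3. All-numeric string.
    if h.isdigit():
        return "all numeric"
    # 4. Looks like an IP address, bracketed or not.
    if DOTTED_QUAD_RE.match(h):
        return "looks like a dotted quad"
    # 5. Bare localhost (the post's 'localhost@localdomain' read as
    #    'localhost.localdomain'; assumption).
    if low in ("localhost", "localhost.localdomain"):
        return "unqualified localhost"
    # 6. Must contain at least one dot to be a FQDN at all.
    if "." not in h:
        return "no dot in HELO"
    # 7. Whatever follows the last dot must look like (or be) a real TLD.
    tld = h.rsplit(".", 1)[1]
    if not TLD_RE.match(tld):
        return "invalid TLD %r" % tld
    if known_tlds is not None and tld.lower() not in known_tlds:
        return "unknown TLD %r" % tld
    return None


# Constructed sample HELO strings (second field: does the peer sit outside
# our network?).  None of these are real observed connections.
SAMPLE_HELOS = [
    ("mail.example.org", True),   # outsider claiming our relay: reject
    ("mail.example.org", False),  # our own relay: accept
    ("-qzxv.com", True),
    ("192168", True),
    ("192.168.1.7", True),
    ("[10.0.0.5]", True),
    ("LOCALHOST", True),
    ("ylkqzv", True),
    ("host.c0m", True),
    ("smtp.example.net", True),   # a normal FQDN: accept
]


def scan(samples=SAMPLE_HELOS):
    """Run every sample through check_helo; returns [(helo, reason_or_None)]."""
    return [(h, check_helo(h, peer_is_outside=out)) for h, out in samples]


if __name__ == "__main__":
    for helo, reason in scan():
        print("%-20s %s" % (helo, "accept" if reason is None else "REJECT: " + reason))
```

Two caveats worth keeping in mind when deploying this: the bracketed form `[10.0.0.5]` is a legal EHLO argument under RFC 5321, so check 4 is deliberately stricter than the standard and is exactly the kind of trade-off the post warns about; and the same function must be applied to both HELO and EHLO, since bots use either. A trailing dot on an otherwise valid FQDN (`host.example.com.`) fails check 7 here, which is probably what you want but is a policy choice.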