| Deutsch English Français Italiano |
|
<vla1k6$o3g$1@tncsrv09.home.tnetconsulting.net> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.omega.home.tnetconsulting.net!not-for-mail From: Grant Taylor <gtaylor@tnetconsulting.net> Newsgroups: comp.mail.sendmail Subject: Filtering HELO / EHLO names before MAIL FROM Date: Fri, 3 Jan 2025 19:07:18 -0600 Organization: TNet Consulting Message-ID: <vla1k6$o3g$1@tncsrv09.home.tnetconsulting.net> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Sat, 4 Jan 2025 01:07:18 -0000 (UTC) Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="omega.home.tnetconsulting.net:198.18.1.11"; logging-data="24688"; mail-complaints-to="newsmaster@tnetconsulting.net" User-Agent: Mozilla Thunderbird Content-Language: en-US Bytes: 1413 Lines: 17 Hi, Is there a method that I can use to filter & reject (return a 5xy error) for bad HELO / EHLO names at HELO / EHLO time? I see some options (FEATURE(`block_bad_helo')) but they seem to apply later in the SMTP transaction. I'm seeing what I suspect is bots looking to do credential stuffing, but I'm not offering authentication on this system, so they are bailing before usual protections would kick in. Initial searches haven't turned up much that happens before MAIL FROM. -- Grant. . . .