Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Mail Servers blocking BAD Helo

from [Anthony J. Cogan] Network Security [Permanent Link]
Subject: Re: Mail Servers blocking BAD Helo
Date: Thu, 30 Dec 2004 12:44:29 -0600
Well the technical side of me says if they do not conform to the SMTP RFC's then it's the ISP's fault....

However, the business side of me says you must keep your customers happy, they are the ones thay pay your salary and all your toys. Even if it means not implementing something because another vendor isn't doing something right.

If you are an ISP, your customers demand and should expect reliable e-mail communications.

We have our SPAM filters turned quite high and blocking the majority of foreign countries, but we have a couple customers that require email to/from specific countries, so we have opened up those specific needs.

If your customer can't receive e-mail from someone they wish to communicate with, they will leave your business for someone who will provide them the service. They don't know about, nor do they care about RFC conformity, they just want their e-mail.

It's a delicate balance.

brandon@xcodes.net wrote:

Hi People,

Not quite sure if this is OT but would require opinions to assist me in
making decision of whether to block "BAD HELO" at SMTP level. Below is
a brief desciption of the situation:
My company's mail server are reciving alot of spams with non-DQDN HELO
greetings during the smtp conversation. We are using 2 front-end MX
servers whcih does smtp routes to the relevant POP servers. We have
actually tried to implement blocking of all helo greetings that are not
in FQDN format on one of the servers and the result seems to be good. However, the only problem that we faced is there other other ISP ain't
using FQDN in their HELO greetings.

We do have a couple of clients who are complaining that they are unable
to receive mails from certain ISPs, which from our checks in the SMTP
logs, the servers are using "MySMTP1" sort of HELO greetings. 

Now my management are asking me on this issue if we should fully
implement such feature across the other MX servers or should we
withdraw such feature fully from the MX servers.  From my readings on
the SMTP RFCs, they have indicated that SMTP servers must configure its
hostname to FQDN which will be used in HELO Greetings(if im not
wrong).  Im also wondering if there are any other ISP using such
implementation(Blocking BAD HELO greetings) on their SMTP Servers, any
idea?

Would welcome all opinions on this issue.

Thanks
Brandon




[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Blocking IP's / e-com fraud, Dan Tesch
Next by Date:  Re: Mail Servers blocking BAD Helo, Fernando Amatte
Previous by Thread:  Mail Servers blocking BAD Helo, brandon
Next by Thread:  Re: Mail Servers blocking BAD Helo, Fernando Amatte
Indexes:  [Date] [Thread] [Top] [All Lists]