« So you want to be a consultant... ? | Main | Crypto hashes in the news again »

February 04, 2005

Rejecting spammers with HELO

I had posted this in my old weblog before The Big Crash, but I think it needs an encore. There is obviously no single silver bullet in the spam problem, but I've found one technique that's been very effective at reducing it on my own webserver, with a guaranteed zero false positive rate. It relies on spammers being stupid.

The short description is that when our mailserver receives an inbound SMTP connection and the other end uses our own IP address in the HELO message, we reject the message out of hand. No real MTA has ever done this, so it's guaranteed that this is spam (and usually from Trojaned machines).

Unixwiz.net Tech Tip: Blocking spammers with Postfix HELO controls

It's turned away more than 18,000 connections just in the last week.

Posted at 10:55 AM in Tech Tips |

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)

ABOUT STEVE

  • Steve Friedl is a software and network security consultant in Southern California. He has been a C and UNIX developer since 1981 and has an exceptionally broad background in this area. Some areas of expertise include:

    • C and C++ systems software development on the UNIX and Win32 platforms
    • Communications, including serial and TCP/IP based controllers
    • Enterprise internet security administration and configuration
    • Penetration tests, audits, and network reviews
    • Security forensics, reverse engineering, and tools development
    • General UNIX and Windows system/network administration
    • The Windows Printing System
    • Database software development
    • Technology problem solving and research
    • Technical writing and standup training

Recent Posts

Categories

Archives

Unix Wiz

Stephen J. FriedlSoftware ConsultantOrange County, CA USASteve@unixwiz.net