HELO goodbye
I have been bashing on for long enough about the inexplicable absence of even the most basic ability in the Domino SMTP MTA to make decisions on mail routing based on what connecting hosts say in HELO, and then if necessary to issue a 554 response as early as practically possible in such cases (after MAIL FROM is the best place).

While still a requirement longer term in the MTA itself, Daniel Koffler has now demonstrated a very easy tweak that has the desired effect including the issuing of a 554 rejection code to the connecting MTA (although quite late in the SMTP conversation, after the DATA phase). We have been running this over the weekend and it is already rejecting spam.

I am writing one last time to commend this tweak to you (and to encourage Daniel to incorporate some of my other suggestions).

This has the effect of rejecting at source any email that comes to you from a host which claims to be one of your own. This is a completely bulletproof spam indicator. I guarantee no false positives, and although the absolute number rejected will be small, it is easy to do, so just do it!

Now the wishlist

Daniel (you've already seen most of these) and/or OpenNTF code gurus (hi Nathan) please note - this tweak could be greatly improved by making possible such rules as:

  • When message did not originate locally and HELO is not a fully qualified hostname (i.e. does not have at least two periods in it), do not accept message.
  • When HELO is an IP address, do not accept message.
  • When HELO uses high bit (non-printable ASCII) characters, do not accept message.
  • And finally for now, is it possible to create a rule that works on raw MIME source? This would open up a world of possibilities as you could then reject at source emails that, for example and so on.
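As an added example (not code from this post or from Daniel Koffler's tweak), a Python classifier that applies the post's own rule plus the three HELO wishlist rules above to a HELO/EHLO argument and returns the name of the first rule it trips, leaving the reject-versus-count decision to the caller. `OWN_NAMES` is a constructed stand-in for your server's public names, domains and IP addresses.

```python
import ipaddress

# Constructed sample: the names and addresses this server answers to
# (assumed stand-ins for your server's own public names, domains and IPs).
OWN_NAMES = {"mail.example.com", "example.com", "192.0.2.25"}


def is_ip_literal(helo):
    """True for a bare address (1.2.3.4, 2001:db8::1) or a bracketed [..] literal."""
    bare = helo.strip("[]")
    if bare.lower().startswith("ipv6:"):  # RFC 5321 form: [IPv6:2001:db8::1]
        bare = bare[5:]
    try:
        ipaddress.ip_address(bare)
        return True
    except ValueError:
        return False


def helo_rule(helo, own_names=OWN_NAMES, local_origin=False):
    """Return the name of the first rule the HELO argument trips, else None.

    Rule order reflects confidence: a stranger greeting with one of our own
    names is the bulletproof case; the rest are weaker signals a caller may
    prefer to count rather than reject on.
    """
    h = helo.strip()
    # 1. Connecting host claims to be one of our own names or addresses.
    if h.lower().strip("[]") in {n.lower() for n in own_names}:
        return "claims-own-name"
    # 2. HELO is an IP address rather than a hostname. Bracketed literals are
    #    allowed by RFC 5321, so this is a spam signal, not a protocol error.
    if is_ip_literal(h):
        return "ip-literal"
    # 3. Any character outside printable ASCII (0x20..0x7E).
    if any(not 0x20 <= ord(c) <= 0x7E for c in h):
        return "high-bit"
    # 4. Not a fully qualified hostname by the post's test (fewer than two
    #    periods); only applied to mail that did not originate locally.
    if not local_origin and h.count(".") < 2:
        return "not-fqdn"
    return None
```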

I'd do it myself, but in case it is not already clear -- I don't do code.

Category: Domino: Administration

Comments:

1. Paul Howarth, 15/12/2003 14:52:29

Regarding your wishlist item:

"When message did not originate locally and HELO is not a fully qualified hostname (i.e. does not have at least two periods in it), do not accept message."

I'm a sendmail user myself and a few months ago I configured my MTA to reject mail from any host that didn't HELO with a name containing at least one period in it. After around a week I had to turn this off because there are simply far too many misconfigured hosts out there (would you believe most of them are MS Exchange boxes?) and I was bouncing too much mail from people I actually wanted to correspond with.

Of course, YMMV but I wouldn't advise blocking mail using this criterion even on a personal domain, let alone a corporate MTA.

Regards, Paul.




2. Chris Linfoot, 15/12/2003 15:06:03

OK, well I might not block with that one, but I might count them for a while...




3. Chris Linfoot, 15/12/2003 15:09:32

More wishlist items for blocking based on MIME content:

- HTML forms
- Javascript (or any script)
- messages containing no text, but with single in-line or externally referenced images
- messages with HTTP links that include username:password@fully-qualified-hostname
- messages with HTTP links that include username:password@dotted-quad-ip-address
- messages with links that go to hosts listening on ports other than port 80 (or 443, I suppose)

cwl
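As an added example, not code from the post or from the tweak it describes, a Python scanner that applies the MIME-content rules listed in this comment to a raw message using the standard library's email parser; the sample message is constructed, not from any real campaign.

```python
import re
from email import message_from_bytes, policy
from html import unescape
from urllib.parse import urlsplit

FORM_RE = re.compile(r"<form\b", re.I)
SCRIPT_RE = re.compile(r"<script\b|javascript:|\bon[a-z]+\s*=", re.I)  # tags, URLs, handlers
SCRIPT_BLOCK_RE = re.compile(r"<script\b.*?</script>", re.I | re.S)
IMG_RE = re.compile(r"<img\b", re.I)
TAG_RE = re.compile(r"<[^>]+>")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
DOTTED_QUAD_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def mime_rules(raw: bytes):
    """Return the sorted list of wishlist content rules a raw message trips."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    html_body = part.get_content() if part is not None else ""
    hits = set()
    if FORM_RE.search(html_body):
        hits.add("html-form")
    if SCRIPT_RE.search(html_body):
        hits.add("script")
    # Image-only: an <img> tag but nothing readable once script, tags and entities go.
    visible = unescape(TAG_RE.sub("", SCRIPT_BLOCK_RE.sub("", html_body)))
    if IMG_RE.search(html_body) and not visible.strip():
        hits.add("image-only")
    for url in URL_RE.findall(html_body):
        parts = urlsplit(url)
        if parts.username is not None:  # user:pass@ ahead of the host
            kind = "ip" if DOTTED_QUAD_RE.fullmatch(parts.hostname or "") else "host"
            hits.add("userinfo-" + kind)
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port
            port = -1
        if port not in (None, 80, 443):
            hits.add("odd-port")
    return sorted(hits)

# Constructed sample message that trips several rules at once.
SAMPLE = b"""From: "Bank" <noreply@bank.example>
To: user@example.com
Subject: Confirm your account
Content-Type: text/html; charset=us-ascii

<html><body><form action="http://user:secret@198.51.100.9:8080/login"><input name="pw"></form>
<img src="http://cdn.example/pixel.gif"><script>location='http://x.example/'</script></body></html>
"""
```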




4. Justin Knol, 15/12/2003 19:47:07
Homepage: http://justinknol.net/

Chris,

You may not do code - but you do a great job on this site. It is always an interesting read & I just thought I'd say thanks.

Cheers
Justin




5. Chris Linfoot, 16/12/2003 09:00:20

As ever, you are most welcome and thanks for the encouragement




6. Dan Cihon, 25/09/2005 16:31:54
Homepage: http://WWW.DCCATHOME.COM

Would it be possible for you to show how to create the rule for the HELO?
Thanks
Dan




7. Chris Linfoot, 26/09/2005 08:32:17

1. Read the article above. Note the link entitled "demonstrated a very easy tweak". That article shows a mod to a standard Domino Directory that permits server mail rules based on, among other things, HELO.

2. Apply mod to your Domino Directory.

3. Create rules like "When HELO is [your.fully.qualified.hostname] don't accept message". You can usually safely create such rules for all of your server's public names, domains and IP addresses.



