Mailing List CGatePro@mail.stalker.com Message #106109
From: Jeff Wark <jwark@tbaytel.net>
Subject: HELO controls in CommuniGate
Date: Thu, 07 Jul 2016 11:34:44 -0400
To: CGate Mailing List <cgatepro@stalker.com>
X-Mailer: CommuniGate Pro WebUser v6.0.11
Just read an article that outlined some patterns that were detectable in spambot HELO/EHLO commands.

As an example, looking at my logs show dozens of IP addresses connecting with 'EHLO ylmf-pc'.

Does anyone know of a method that allows for restricting the HELO strings in CommuniGate?  It appears that Postfix has something called 'HELO controls'.  This would be an interesting feature.

I'm thinking that there isn't because I am unaware of any options providing control at that point of the SMTP connection.  The only thing I can think of is watching the logs and generating a list for blacklisting/denying IP addresses.

--

Jeff Wark
Tbaytel Internet
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster