Mailing List CGatePro@mail.stalker.com Message #106111
From: Mark J Strawcutter <mjstraw@iup.edu>
Subject: Re: [Ext]HELO controls in CommuniGate
Date: Thu, 07 Jul 2016 16:09:09 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
You should be able to check/reject/drop using a rule

Mark

----- Reply message -----
From: "Jeff Wark" <jwark@tbaytel.net>
To: "CommuniGate Pro Discussions" <CGatePro@mail.stalker.com>
Subject: [Ext]HELO controls in CommuniGate
Date: Thu, Jul 7, 2016 11:35 AM

 Just read an article that outlined some patterns that were detectable in spambot HELO/EHLO commands.

As an example, looking at my logs show dozens of IP addresses connecting with 'EHLO ylmf-pc'.

Does anyone know of a method that allows for restricting the HELO strings in CommuniGate?  It appears that Postfix has something called 'HELO controls'.  This would be an interesting feature.

I'm thinking that there isn't because I am unaware of any options providing control at that point of the SMTP connection.  The only thing I can think of is watching the logs and generating a list for blacklisting/denying IP addresses.

--

Jeff Wark
Tbaytel Internet

#############################################################

This message is sent to you because you are subscribed to

  the mailing list <CGatePro@mail.stalker.com>.

To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>

To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>

To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>

Send administrative queries to  <CGatePro-request@mail.stalker.com>
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster