Mailing List CGatePro@mail.stalker.com Message #106114
From: Jeff Wark <jwark@tbaytel.net>
Subject: Re: [Ext]HELO controls in CommuniGate
Date: Thu, 07 Jul 2016 16:57:35 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro WebUser v6.0.11
Looking at the messages in the Queue folder, there is a 'HELO $string$' in the top Received line.  I'm not sure how it would be done gracefully with a rule, but maybe a helper would do in this instance.  All the helper does is check the HELO value against a list (internal list to start out with, maybe graduating to a database in time).

It just got a lot more difficult, but not impossible.

--

Jeff Wark
Tbaytel Internet
On Thu, 07 Jul 2016 16:09:09 -0400
"Mark J Strawcutter" <mjstraw@iup.edu> wrote:
>>
>> You should be able to check/reject/drop using a rule
>>
>> Mark
>>
>> ----- Reply message -----
>> From: "Jeff Wark" <jwark@tbaytel.net>
>> To: "CommuniGate Pro Discussions" <CGatePro@mail.stalker.com>
>> Subject: [Ext]HELO controls in CommuniGate
>> Date: Thu, Jul 7, 2016 11:35 AM
>>
>> Just read an article that outlined some patterns that were detectable
>> in spambot HELO/EHLO commands.
>> As an example, looking at my logs shows dozens of IP addresses connecting
>> with 'EHLO ylmf-pc'.
>>
>> Does anyone know of a method that allows for restricting the HELO strings in
>> CommuniGate?  It appears that Postfix has something called 'HELO controls'.  This would be an interesting feature.
>>
>> I'm thinking that there isn't because I am unaware of any options providing control at that point of the SMTP
>> connection.  The only thing I can think of is watching the logs and generating a list for blacklisting/denying IP addresses.
>>
>>
>> --
>>
>>
>> Jeff Wark
>> Tbaytel Internet

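An added example, not part of the original messages and not CommuniGate Pro code: the check described in the reply above, which pulls the HELO string out of the top Received line and compares it with an internal list. The "(HELO string)" layout, the sample headers and the function names are assumptions; reading the queue file and talking to the server's helper interface are not shown.

```python
import re

# Constructed starter list; "ylmf-pc" is the string reported in the thread.
DENIED_HELO = {"ylmf-pc"}
# Assumed marker layout inside the Received line: "(HELO <string>)".
HELO_RE = re.compile(r"\(HELO\s+([^\s()]+)\)", re.IGNORECASE)

def top_received(headers):
    """Return the first Received header with folded lines joined, or None."""
    lines = headers.splitlines()
    for i, line in enumerate(lines):
        if line == "":
            return None  # end of headers: never look inside the body
        if line.lower().startswith("received:"):
            parts = [line.strip()]
            for cont in lines[i + 1:]:
                if cont[:1] not in (" ", "\t"):
                    break  # next header starts here
                parts.append(cont.strip())
            return " ".join(parts)
    return None

def helo_of(headers):
    """HELO string from the top Received line only, or None if absent."""
    received = top_received(headers)
    match = HELO_RE.search(received) if received else None
    return match.group(1) if match else None

def is_denied(headers, denied=DENIED_HELO):
    """True when the top Received line carries a HELO string on the list."""
    helo = helo_of(headers)
    return helo is not None and helo.lower() in denied

# Constructed samples (documentation addresses and names).
SPAMBOT = (
    "Received: from [192.0.2.10]\r\n"
    "\t(HELO ylmf-pc) by mail.example.net with ESMTP id 1\r\n"
    "Subject: hello\r\n\r\nbody\r\n"
)
# Lower Received lines arrive with the message and can be forged, so a
# listed string there must not count.
FORGED_LOWER = (
    "Received: from [198.51.100.7] (HELO mx.example.org) by mail.example.net\r\n"
    "Received: from [203.0.113.5] (HELO ylmf-pc) by relay.example.com\r\n"
    "Subject: hello\r\n\r\nbody (HELO ylmf-pc)\r\n"
)

if __name__ == "__main__":
    for name, msg in (("SPAMBOT", SPAMBOT), ("FORGED_LOWER", FORGED_LOWER)):
        print(name, helo_of(msg), is_denied(msg))
```

Only the first Received header is consulted because it is the one written by the receiving server; anything below it came in with the message.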