Lord Yupa

February 2010

Qmail + qregex = badhelo, and less spam.

I recently noticed that a large quantity of the spam I receive, particularly the worm/trojan-caused spam (the ones that come with a single sentence and an attached .pif or .scr, or whatever), comes in with a 'HELO' of 'zyp.org', which is the destination domain.

Now, since zyp.org is my domain, no one else *should* be sending that as a HELO to my mail server. This gave me the idea that I should find a way to blacklist certain HELO strings. I started searching for a qmail patch that would do that, as I didn't really feel like writing it myself if I could avoid it, and came across qregex. qregex offers a number of extensions where you can add regex filtering to kill spam. Luckily, one of those places is HELO, in the form of the badhelo file.

And, as luck would further have it, the Debian qmail-src package already includes qregex (not quite the newest version, but new enough to include the badhelo addition).

So, I went ahead and created a badhelo file, added my domain name, and tested it (it worked). Glancing through my log files, I've already found hundreds of mail attempts that have been rejected by the badhelo check. I'm impressed. ;-)

To anyone using qmail, or any other MTA: I highly recommend blacklisting your own destination domain from the MTA's accepted HELO strings. I would estimate I've reduced my spam by as much as 20%-40% with this.


It's been a while since I poked around at mail protocols, but would that potentially block legitimate mail from your domain? I.e. one user sends to another?


It shouldn't.

What is supposed to be given in a 'HELO' is the local hostname, not the destination domain. Either way, though, I've got it set so it's only checking the HELO from "external" mail. Any hosts that are listed as being allowed to relay mail through my mail server (basically, the local LAN) bypass the badhelo checks.
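The check described in the post and in the reply above, written out as a small Python model so you can see which HELO strings a badhelo file would reject and why relay-allowed hosts skip it. This is an added example, not code from the post, from qregex, or from qmail. It assumes that qregex reads one regular expression per line of badhelo and matches it against the HELO/EHLO argument case-insensitively (Python's re module stands in for POSIX extended regex here), and that "allowed to relay" means the connection has RELAYCLIENT set, which is how qmail-smtpd learns that from tcpserver's rules. The file contents, the HELO strings and the reply texts are all constructed for the demonstration.

```python
import re
from typing import List, Tuple

# Constructed badhelo contents for the domain in the post: the bare domain, and any
# host name underneath it. Anchored with ^ and $ so that a remote MTA whose real
# hostname merely contains "zyp.org" (e.g. zyp.org.example.net) is not caught.
# Assumption: qregex treats each line as a case-insensitive extended regex.
BADHELO_FILE = """\
^zyp\\.org$
^([a-z0-9-]+\\.)+zyp\\.org$
"""


def load_badhelo(text: str) -> List[re.Pattern]:
    """Compile one pattern per non-empty line, ignoring case."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            patterns.append(re.compile(line, re.IGNORECASE))
    return patterns


def helo_check(helo: str, patterns: List[re.Pattern], relayclient: bool) -> Tuple[bool, str]:
    """Decide whether a HELO/EHLO argument is accepted.

    relayclient mirrors qmail-smtpd's RELAYCLIENT environment variable: hosts that
    tcpserver marks as allowed to relay (the local LAN in the post) skip the check,
    so local users mailing each other are never affected by a badhelo entry.
    The reply strings are constructed, not qregex's actual wording.
    """
    if relayclient:
        return True, "250 ok (RELAYCLIENT set, badhelo skipped)"
    for pattern in patterns:
        if pattern.search(helo):
            return False, f"553 sorry, HELO {helo!r} matched badhelo pattern {pattern.pattern!r}"
    return True, "250 ok"


# Constructed SMTP sessions: (HELO argument, connection had RELAYCLIENT set).
SAMPLE_SESSIONS = [
    ("zyp.org", False),          # worm spam claiming to be the destination domain
    ("ZYP.ORG", False),          # same, different case
    ("mail.zyp.org", False),     # a host under the domain, not legitimate from outside either
    ("mx.example.net", False),   # an ordinary remote MTA giving its own hostname
    ("zyp.org.example.net", False),  # contains the domain but is a different host
    ("zyp.org", True),           # LAN host allowed to relay: check is bypassed
]


def run_sessions(patterns: List[re.Pattern], sessions) -> List[bool]:
    """Return the accept/reject verdict for each constructed session."""
    return [helo_check(helo, patterns, relay)[0] for helo, relay in sessions]


if __name__ == "__main__":
    pats = load_badhelo(BADHELO_FILE)
    for (helo, relay), verdict in zip(SAMPLE_SESSIONS, run_sessions(pats, SAMPLE_SESSIONS)):
        _, reply = helo_check(helo, pats, relay)
        print(f"{helo:24} relayclient={relay!s:5} -> {'accept' if verdict else 'reject'}: {reply}")
```

Two things worth checking against your own setup before copying patterns into a real badhelo file: whether your qregex build matches case-insensitively (if not, spell out the variants or use a character class), and that every host that legitimately sends through the server, not only the LAN but any roaming clients or secondary MXs, is covered by a RELAYCLIENT rule or otherwise exempted, because those are the only senders for which a HELO of your own domain is plausible.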
