Christopher Cashell (topher) wrote,

Qmail + qregex = badhelo, and less spam.

I recently noticed that a large quantity of the spam I receive, particularly the worm/trojan-caused spam (the ones that come with a single sentence and an attached .pif or .scr, or whatever), comes in with a 'HELO' of 'zyp.org', which is the destination domain.

Now, since zyp.org is my domain, no one else *should* be sending that as a HELO to my mail server. This gave me the idea that I should find a way to blacklist certain HELO strings. I started searching for a qmail patch that would do that, as I didn't really feel like writing it myself if I could avoid it, and came across qregex. qregex offers a number of extensions where you can add regex filtering to kill spam. Luckily, one of those places is HELO, in the form of the badhelo file.

And, as luck would further have it, the Debian qmail-src package already includes qregex (not quite the newest version, but new enough to include the badhelo addition).

So, I went ahead and created a badhelo file, added my domain name, and tested it (it worked). Glancing through my log files, I've already found hundreds of mail attempts that have been rejected by the badhelo. I'm impressed. ;-)

Anyone using qmail, or any other MTA, I highly recommend blacklisting your own destination domain from the MTA's accepted HELO strings. I would estimate I've reduced my spam by as much as 20%-40% with this.
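
Because each badhelo entry is a regex, it is worth checking a candidate pattern against known-good and known-bad HELO strings before deploying it. The following is an added example, not part of the original post or of qregex: it uses Python's `re` module as a stand-in for qregex's matcher and assumes case-insensitive matching, and the HELO strings (including the host `mail.zyp.org`) are constructed for illustration.

```python
import re

# Candidate badhelo entries (constructed). An unanchored, unescaped entry
# versus an anchored, escaped one that also tolerates a trailing dot.
LOOSE = ["zyp.org"]
STRICT = [r"^zyp\.org\.?$"]

# Constructed HELO strings: (value, should_be_rejected)
SAMPLES = [
    ("zyp.org", True),           # sender claims to be the destination domain
    ("ZYP.ORG", True),           # same claim, different case
    ("zyp.org.", True),          # same claim, trailing dot
    ("mail.zyp.org", False),     # hypothetical legitimate host under the domain
    ("zypxorg.example", False),  # unrelated name that an unescaped '.' matches
    ("mx1.example.net", False),  # ordinary remote server
]


def compile_patterns(lines):
    """Compile each non-empty line as a case-insensitive regex (assumption)."""
    return [re.compile(line.strip(), re.IGNORECASE) for line in lines if line.strip()]


def is_rejected(helo, patterns):
    """True if any pattern matches anywhere in the HELO string."""
    return any(p.search(helo) for p in patterns)


def misclassified(pattern_lines, samples=SAMPLES):
    """Return HELO values whose verdict differs from the expected one."""
    patterns = compile_patterns(pattern_lines)
    return [helo for helo, expected in samples
            if is_rejected(helo, patterns) != expected]


if __name__ == "__main__":
    for name, lines in (("loose", LOOSE), ("strict", STRICT)):
        print(f"{name:6} misclassified: {misclassified(lines)}")
```

The loose entry also rejects the subdomain host and the look-alike name, while the anchored entry rejects only the bare destination domain.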