Hi!
However some of them appear in the prolocation and old Bill Stearns data:
/home/prolocation/black-prolocation-master in badhelos
blackpencils.com BYE dfhu876.com BYE emailgaul.com BYE ev24.net BYE happpymail.com BYE hideakifan.com BYE
Raymond and Bill, is it possible you got some of these from Chris earlier? If so is it possible for you to remove this "bad hello" list as a source?
No, the data we got is only from our own source, there are some reported via the SURBL+ webform, but we have the evidence files of those seperate.
We didnt use any other list to get this going.
A bad HELO btw, will be killed, most likely, by our mailers, since we do some strict checking there.
# Forged hostname -HELOs as one of my own IPs
deny message = Forged IP detected in HELO: $sender_helo_name hosts = !+relay_from_hosts log_message = Forged IP detected in HELO: $sender_helo_name condition = ${if \ eq{$sender_helo_name}{$interface_address}{yes}{no}}
We really get a LOAD of hits on a stupid ACL like that.
Bye, Raymond.