On Wed, Apr 07, 2004 at 06:39:03PM -0700, John Gardiner Myers wrote:
> So verifying the HELO domain gives the verifier a key it can use to
> better make abuse reports. Is this a fair summary of the claim?

A few numbers:
On one of our MTAs we had yesterday:

    240507 connections
    126244 (52.5%) had HELO arguments that did not match the PTR record
           (there is some uncertainty, as we do not check against
           all PTR records)
    21539 unique arguments were used

I then ran the HELO arguments through a DNS resolver and terminated
it after 3 hours. The list was sorted descending by the number of
uses as a HELO argument.

    9420 unique arguments were processed (43% of list, 90.4% of
         connections with non-matching HELO arguments)
    6554 (70%) resolved in DNS (A or MX)
    2866 (30%) did not resolve to anything

Most of the unresolvable ones were due to arguments like

    ntserv01113
    sah-mbr5
    BWXP31
    COMPUTER
    linux.local
    NT_TST.yeniantalya.com
    vud-server.Office-ZM.VUD.net

Interesting (we block messages with these HELO arguments):

    34 external conns used the hostname of that MTA
    7966 external conns used the IP of that MTA

\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
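
The checks counted in this message (HELO versus PTR, unqualified or local names, external clients announcing the receiving MTA's own name or IP) can be sketched as a classifier. This is an added example, not part of the original message: `OWN_NAMES`, `OWN_IPS`, the category names and the sample sessions are constructed assumptions, and PTR names are passed in rather than resolved so it runs offline.

```python
import ipaddress
import re
from collections import Counter

# Assumed identity of the receiving MTA (constructed placeholder values).
OWN_NAMES = {"mx.example.net"}
OWN_IPS = {ipaddress.ip_address("192.0.2.25")}
# Host label syntax: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample sessions: (client IP, HELO argument, PTR names of client).
SESSIONS = [
    ("198.51.100.7", "mail.example.org", ["mail.example.org."]),
    ("198.51.100.8", "COMPUTER", []),
    ("198.51.100.9", "linux.local", ["host9.example.com"]),
    ("198.51.100.10", "NT_TST.yeniantalya.com", []),
    ("198.51.100.11", "mx.example.net", ["dsl-11.example.com"]),
    ("198.51.100.12", "192.0.2.25", []),
    ("198.51.100.13", "relay.example.com", ["other.example.com"]),
]

def classify_helo(helo, client_ip, ptr_names):
    """Return one category for a HELO argument seen from client_ip."""
    arg = helo.strip().rstrip(".").lower()
    client = ipaddress.ip_address(client_ip)
    external = client not in OWN_IPS
    try:
        # Accept both "[192.0.2.25]" address literals and bare IPs.
        literal = ipaddress.ip_address(arg.strip("[]"))
    except ValueError:
        literal = None
    if literal is not None:
        if external and literal in OWN_IPS:
            return "forged-own-ip"      # external client claims our IP
        return "ip-literal-match" if literal == client else "ip-literal-mismatch"
    if external and arg in OWN_NAMES:
        return "forged-own-name"        # external client claims our hostname
    labels = arg.split(".")
    if not all(LABEL.match(label) for label in labels):
        return "invalid-syntax"         # e.g. underscore in NT_TST
    if len(labels) < 2 or labels[-1] == "local":
        return "not-public-fqdn"        # e.g. COMPUTER, linux.local
    if arg in {p.rstrip(".").lower() for p in ptr_names}:
        return "matches-ptr"
    return "ptr-mismatch"

def tally(sessions):
    """Count categories over (client_ip, helo, ptr_names) tuples."""
    return Counter(classify_helo(h, ip, ptr) for ip, h, ptr in sessions)
```
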