AnsweredAssumed Answered

Block based on HELO / EHLO

Question asked by user.x1Z7BFk3p5n on Jun 20, 2017
Latest reply on Nov 17, 2017 by user.g5G8BaFaLoR

Is there a way to do some more granular blocking based on the server HELO being used?

We're seeing spam come from for example:

Received: from ( []) by... etc

So the IP is in India and doesn't match the claimed relay of

They're also spoofing a personal domain name of someone known to communicate with us e.g. name[@], so the SPF obviously fails, but the messages still get through (for various reasons)

I'd like to be able to block on something like:

Envelope From: name[@]

HELO = * (and for that matter anything *.ru)


Is there some way of doing this?