Block based on HELO / EHLO

Question asked by user.x1Z7BFk3p5n on Jun 20, 2017
Latest reply on Nov 17, 2017 by user.g5G8BaFaLoR

Is there a way to do some more granular blocking based on the server HELO being used?

We're seeing spam come from, for example:

Received: from uucv.pisem.net (117.244.106.185 [117.244.106.185]) by... etc

So the IP is in India and doesn't match the claimed relay of pisem.net.

They're also spoofing a personal domain name of someone known to communicate with us, e.g. name[@]surname.com, so the SPF obviously fails, but the messages still get through (for various reasons).

I'd like to be able to block on something like:

Envelope From: name[@]surname.com

HELO = *.pisem.net (and for that matter anything *.ru)

Is there some way of doing this?

Thanks.
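
The combined condition asked about above (envelope sender plus HELO wildcard), sketched in Python as an added example that is not part of the original post and not a feature of any particular mail gateway. The rule layout, the function names and the `mx.example.test` host are assumptions, the sender is the post's placeholder address, and the `Received:` layout is assumed to follow the line quoted in the question.

```python
import re
from fnmatch import fnmatchcase

# Leading "from <helo> (<rdns> [<ip>])" clause of a Received header.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9A-Fa-f:.]+)\]\)",
    re.IGNORECASE,
)

# Assumed rule layout (hypothetical): block only when BOTH conditions hold.
RULES = [
    {"envelope_from": "name@surname.com", "helo": ["*.pisem.net", "*.ru"]},
]

# Constructed sample: the hop quoted in the question, with a made-up "by" host.
SAMPLE_RECEIVED = (
    "Received: from uucv.pisem.net (117.244.106.185 [117.244.106.185]) "
    "by mx.example.test"
)


def parse_received(header):
    """Return the HELO name, reverse-DNS name and IP of one hop, or None."""
    m = RECEIVED_RE.match(header.strip())
    if m is None:
        return None
    return {
        "helo": m["helo"].lower().rstrip("."),
        "rdns": m["rdns"].lower().rstrip("."),
        "ip": m["ip"],
    }


def should_block(envelope_from, received_header, rules=RULES):
    """True when the envelope sender and the HELO name match the same rule."""
    hop = parse_received(received_header)
    if hop is None:
        return False  # unparseable hop: leave the verdict to other filters
    sender = envelope_from.strip().lower()
    for rule in rules:
        if rule["envelope_from"] != sender:
            continue
        # "*.pisem.net" needs a dot before the domain, so "evilpisem.net"
        # and the bare "pisem.net" do not match.
        if any(fnmatchcase(hop["helo"], pat) for pat in rule["helo"]):
            return True
    return False
```

Tying the HELO pattern to one envelope sender keeps the `*.ru` wildcard from rejecting unrelated mail from that TLD.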