Subject: Re: Sendmail and spam question
To: None <netbsd-help@netbsd.org>
From: Wolfgang S. Rupprecht <wolfgang+gnus20030730T085014@wsrcc.com>
List: netbsd-help
Date: 07/30/2003 08:55:43

john@sixgirls.org (John Klos) writes:
> I've examined all of the spam I've received over the past few months, and
> it seems that around 75% of all of the spam that does get past my current
> filters (spamcop and orbd) would be blocked by #1, and that of all of the
> servers which connect with address literals, half would be rejected by #2.
> I have seen one false positive (the admin of the sending server was happy
> to add a DNS entry for his SMTP server), and no instance of legitimate
> email which came from a server which used an address literal.

One of the reasons I switched from sendmail to postfix was the
stronger checking of things like helo string. If you are interested
in playing, I've got a slightly simplified example of what I run here
on this page:

http://www.wsrcc.com/spam/

The helo string is checked for syntax (e.g. has a dot) and if it passes
it is checked to make sure that the claimed hostname has an MX or A
record. Postfix doesn't check the claimed name against the list of IP
addresses, but in practice that hasn't been a big problem. The spam
that forges valid hostnames tends to be caught by the DNSBL checks.
The stuff that slips by the DNSBLs is mostly spam from hosts that run
ms-crapware and claim their FQDN is something like "johns-pc" or
similar.

-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
(NOTE: The email address above is valid. Edit it at your own peril.)
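
The two-stage helo check described in the message above (syntax first, then an MX or A lookup on the claimed name), as an added example that is not part of the original post and is not Postfix's own code. The function names, the `has_mx_or_a` resolver hook and the sample hostnames are assumptions made for illustration; the DNS data is constructed so the example runs offline.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def check_helo(helo, has_mx_or_a):
    """Return (verdict, reason) for a HELO/EHLO argument.

    has_mx_or_a(name) -> bool is a caller-supplied hook (hypothetical) that
    reports whether DNS holds an MX or A record for the claimed name.
    Like the setup in the message, this does not compare the claimed name
    against the connecting client's IP address.
    """
    name = helo.strip().rstrip(".")
    if not name:
        return ("reject", "empty helo")
    if name.startswith("[") and name.endswith("]"):
        # Address literals are a separate site-policy decision.
        return ("literal", "address literal")
    labels = name.split(".")
    if len(labels) < 2:
        return ("reject", "no dot, not fully qualified")
    if not all(_LABEL.fullmatch(label) for label in labels):
        return ("reject", "invalid hostname syntax")
    if labels[-1].isdigit():
        return ("reject", "bare IP address, not a hostname")
    if not has_mx_or_a(name.lower()):
        return ("reject", "no MX or A record for claimed name")
    return ("accept", "syntax ok and name resolves")

# Constructed DNS data standing in for a real resolver.
KNOWN_NAMES = {"mail.example.org", "mx1.example.net"}

def sample_resolver(name):
    return name in KNOWN_NAMES

# Constructed helo strings covering each branch.
SAMPLES = ["johns-pc", "mail.example.org", "forged.example.invalid",
           "[192.0.2.10]", "192.0.2.10", "bad_host.example.org"]

def run_samples():
    return {h: check_helo(h, sample_resolver) for h in SAMPLES}

if __name__ == "__main__":
    for helo, (verdict, reason) in run_samples().items():
        print(f"{helo:26} {verdict:8} {reason}")
```
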