No, there is no such thing available "built-in" to Exchange. Further, trying to block/disconnect based on the HELO/EHLO string during the hand shake will be problematic at best. While it will be effective for some, it will also suffer from a lot of false positives. I see a lot of legit e-mail coming from servers with either a misconfigured FQDN, an obscure FQDN, a purposeful obscured FQDN, misconfigured or missing DNS entries and/or missing or incorrect PTR records. All of these will cause false positives on a test of the HELO/EHLO string. Further, if there is a high volume of incoming involved, that can really slow things down depending on how it is done. John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: Dan HINCKLEY [mailto:dah@xxxxxxxxxxx] > Sent: Friday, December 17, 2004 12:27 AM > To: [ExchangeList] > Subject: [exchangelist] RE: connection filtering on HELO/EHLO > > http://www.MSExchange.org/ > > I'm getting a bunch of spam, some w/viruses, spoofing a domain > (mail.domain.tld) in the HELO. I was trying to see if there is a way built > into ES 2003 to use the FQDN (spoofed) rather than an IP (since these guys > change their IPs) to drop the connection. > > At 07:46 12/17/2004, you wrote: > >http://www.MSExchange.org/ > > > >What kind of filtering? > > > >John Tolmachoff > >Engineer/Consultant/Owner > >eServices For You > > > > > -----Original Message----- > > > From: Dan HINCKLEY [mailto:dah@xxxxxxxxxxx] > > > Sent: Thursday, December 16, 2004 12:32 AM > > > To: [ExchangeList] > > > Subject: [exchangelist] connection filtering on HELO/EHLO > > > > > > http://www.MSExchange.org/ > > > > > > Have looked in the archives w/o luck. Can anyone point me to a method of > > > doing filtering in ES 2003 at the HELO/EHLO command? > > > > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx