|
|
| Re: HELO and IP Matching? [message #1067 is a reply to message #1066] |
Fri, 04 March 2005 10:32  |
support
Messages: 925
Registered: April 2004
|
Senior Member |
|
|
What should we compare? SMTP does not require that the HELO name and the real hostname have anything to do with each other, so rejecting a mail if they do not match would block lots of legit mail as well.
So some small positive spam score would be in order, and this seems is exactly what SpamAssassin is doing already. It looks as if the rules in the file 20_fake_helo_tests.cf do RDNS lookups. They have scores in the range of 1 to 2 points.
Customer Support
Byteplant GmbH
|
|
|
|
| Re: HELO and IP Matching? [message #1068 is a reply to message #1067] |
Fri, 04 March 2005 14:41 |
smorris
Messages: 10
Registered: December 2004
|
Junior Member |
|
|
I don't care about the real hostname. What I care about is whether the IP address that is actually talking to me matches the HELO entry... this is an important thing for folks who are spamming where the PTR entries often don't give the same information as the HELO.
I suppose I could also just up the points on that entry... Just gotta remember to do it again with every upgrade! 
Scott Morris
swm@emanon.com
|
|
|
|
|
|
| Re: HELO and IP Matching? [message #1070 is a reply to message #1069] |
Fri, 04 March 2005 15:15 |
support
Messages: 925
Registered: April 2004
|
Senior Member |
|
|
All scores are set in 50_scores.cf, but you can override them in other files. If you put your overrides into local.cf, they will even survive upgrades. Like this:
score FAKE_HELO_AOL 5.6
score FAKE_HELO_YAHOO_CA 27.0
...
Customer Support
Byteplant GmbH
|
|
|
|
| Re: HELO and IP Matching? [message #1071 is a reply to message #1070] |
Sat, 05 March 2005 00:17 |
smorris
Messages: 10
Registered: December 2004
|
Junior Member |
|
|
Yeah... Ok, found that... but looking at the CD with the HELO items in it, those are each for specific domain structures of places that shouldn't really house e-mail servers.
It's not really anything about a basic IP-level check for whether the HELO given resolves back to the IP address that shows up in the source field of IP packets for the current connection. (Or PTR of the IP matching the HELO name)
Hmmmm...
Scott Morris
swm@emanon.com
|
|
|
|
Members
Search
Help
Register
Login
Home
