Looking at this code:
    if ($ptr) {
        $this->{rcvd}=~s/=host/$ptr/o;
    } else {
        $this->{rcvd}=~s/=host/$helo2/o;
    }
$helo2 is simply the helo that was sent by the mailer.
If a sending machine doesn't have a reverse IP, I know we score
appropriately, but for the layperson, I think it would be nice to *indicate
this in the received line*.
If an end user is smart enough to investigate a suspicious email by
looking at headers, he might still be fooled by something like this:
    Received: from mail.somebank.com ([1.2.3.4] helo=mail.somebank.com) by....
What if instead, we modify the above code to be something like this:
    if ($ptr) {
        $this->{rcvd}=~s/=host/$ptr/o;
    } else {
        $this->{rcvd}=~s/=host/*Suspicious-Sender*/o;
    }
That'll produce:
    Received: from Suspicious-Sender ([1.2.3.4] helo=mail.somebank.com) by....
That way we still preserve the helo for heuristics but help the layperson
realize that it's a questionable line.
I suppose there's potential that ASSP would be receiving mail from an IP
that doesn't have a reverse, but I can't think of any reason that would
happen.
Thoughts?
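An added example, not part of the original post and not ASSP's own code: the proposed substitution, extended so that a PTR name is used only when it also resolves back to the connecting IP, since the PTR is set by whoever controls the reverse zone for that address. The names `clean_name` and `fill_received`, the `$forward` list (assumed to be looked up by the caller) and the sample template are hypothetical.

```perl
use strict;
use warnings;

# Marker written when the connecting IP has no usable reverse DNS (from the post).
my $MARKER = 'Suspicious-Sender';

# Keep only characters that are legal in a hostname, so that a PTR value
# (chosen by the remote side) cannot carry header syntax into the line.
sub clean_name {
    my ($name) = @_;
    return '' unless defined $name;
    $name =~ s/[^A-Za-z0-9.\-]//g;
    return $name;
}

# Fill the "=host" placeholder of a Received template.
#   $ptr     : PTR name found for $ip, or undef/'' when there is none
#   $forward : array ref of addresses the PTR name resolves to (assumption:
#              the caller has already done this lookup)
sub fill_received {
    my ($template, $ip, $ptr, $forward) = @_;
    $ptr = clean_name($ptr);
    # Number of forward addresses equal to the connecting IP (0 = unconfirmed).
    my $matches = grep { $_ eq $ip } @{ $forward || [] };
    my $name = ($ptr ne '' && $matches) ? $ptr : $MARKER;
    (my $line = $template) =~ s/=host/$name/;
    return $line;
}

# Constructed sample data: the template, addresses and names are illustrative.
my $tpl = 'Received: from =host ([1.2.3.4] helo=mail.somebank.com) by mx.example.org';

# No PTR at all: the marker is written and the helo is left untouched.
print fill_received($tpl, '1.2.3.4', undef, []), "\n";
# PTR claims the bank's name but does not resolve back to 1.2.3.4: marker.
print fill_received($tpl, '1.2.3.4', 'mail.somebank.com', ['203.0.113.9']), "\n";
# PTR resolves back to the connecting IP: the PTR name is written.
print fill_received($tpl, '1.2.3.4', 'mx1.example.net', ['1.2.3.4']), "\n";
```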