Recently, Somebody Somewhere wrote these words
> >
> > Since this post I've tried every conceivable combination of
> > hostnames and addresses to try to satisfy SA's FORGED_RCVD_HELO test
> > - no luck. This is a new Spam Assassin setup with all defaults still
> > in place. I'm too new at it to say for sure that it's set up right,
> > but it does score my incoming email, and has sent some to the spam
> > box (and let others slide :-).
Received: from [24.148.198.211] (helo=www.ccolton.com)
    by smtpauth04.mail.atl.earthlink.net with asmtp (TLSv1:RC4-MD5:128)
    (Exim 4.34)
    id 1DcPov-0005qd-9D
    for [EMAIL PROTECTED]; Sun, 29 May 2005 11:35:21 -0400
>From: Craig Colton <[EMAIL PROTECTED]>
I saved off one of your mails here, and tried it. That header gives a
FORGED_RCVD_HELO. This one
Received: from [24.148.198.211] (helo=www) etc.
does not. Your host does not ping when it is not online. I have just
pinged www.ccolton.com, and nothing is there, because, I presume, your
box is off :-/. But just having the helo from a hostname solves the
problem. Windows boxen only know about their hostname, and a domain is
only associated with specific settings on an interface. They pass this
test, and they haven't a breeze about their fqdn. I have postfix saying
helo as a host, not an fqdn, and the sky doesn't fall in. Your actual
fqdn from the internet is going to be
user-0c99hmj.cable.mindspring.com (according to djb's dnsname)
and you can't set up the appropriate record for www.ccolton.com because
earthlink.net or mindspring.com already has. What smtp mail program
are you running? I'll bet you haven't tried that mindspring.com
in your settings. Well, I did, and after the wait for dns tests, I got
Content analysis details:   (1.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.5 HELO_DYNAMIC_HCC       Relay HELO'd using suspicious hostname (HCC)
-6.0 USER_IN_WHITELIST_TO   User is listed in 'whitelist_to'
 6.0 USER_IN_BLACKLIST_TO   User is listed in 'blacklist_to'
So you lost the FORGED_RCVD_HELO (by giving the genuine one) but picked
up this HELO_DYNAMIC_HCC :-/. Changing the one last time to
meerkats.mindspring.com killed that. Way to go!!
--
With best Regards,
Declan Moriarty.
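
To see what a relay recorded before changing the HELO again, the Received header quoted above can be parsed and the HELO name compared with the reverse-DNS name. This is an added example, not part of the original message and not SpamAssassin's rule logic; the function names and the two-label "same domain" comparison are assumptions made for illustration.

```python
import re

# Constructed sample: the Received header quoted in the message, refolded.
SAMPLE = """Received: from [24.148.198.211] (helo=www.ccolton.com)
    by smtpauth04.mail.atl.earthlink.net with asmtp (TLSv1:RC4-MD5:128)
    (Exim 4.34)
    id 1DcPov-0005qd-9D
    for [EMAIL PROTECTED]; Sun, 29 May 2005 11:35:21 -0400"""
# Reverse-DNS name the message reports for that address.
RDNS = "user-0c99hmj.cable.mindspring.com"

# Assumption: only the layout shown above, "from [ip] (helo=name) by host with proto".
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\s+\(helo=(?P<helo>[^)\s]+)\)"
    r"\s+by\s+(?P<by>\S+)(?:\s+with\s+(?P<proto>\S+))?"
)
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def parse_received(header):
    """Unfold the header; return ip/helo/by/proto, or None if the layout differs."""
    flat = re.sub(r"\r?\n[ \t]+", " ", header.strip())
    m = RECEIVED_RE.match(flat)
    return m.groupdict() if m else None

def helo_kind(helo):
    """Classify the HELO argument by its syntax only."""
    if helo.startswith("[") and helo.endswith("]"):
        return "address-literal"
    labels = helo.rstrip(".").split(".")
    if not all(LABEL_RE.match(label) for label in labels):
        return "malformed"
    return "bare-host" if len(labels) == 1 else "fqdn"

def helo_vs_rdns(helo, rdns):
    """Relate an FQDN HELO to the reverse-DNS name (naive: last two labels)."""
    kind = helo_kind(helo)
    if kind != "fqdn":
        return kind
    h, r = (n.lower().rstrip(".").split(".") for n in (helo, rdns))
    if h == r:
        return "same-host"
    return "same-domain" if h[-2:] == r[-2:] else "different-domain"

if __name__ == "__main__":
    for name in (parse_received(SAMPLE)["helo"], "www", "meerkats.mindspring.com"):
        print(name, "->", helo_vs_rdns(name, RDNS))
```
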