CLOSED: HELO_DYNAMIC_IPADDR not explainable
Hey John, thanks very much! It was infact the hostname. Changed it and now it´s all good! Cheers mate! John D. Hardin wrote: > > On Tue, 8 May 2007, DogMatz wrote: > >> Received: from lvps87-230-7-51.dedicated.hosteurope.de >> (server.marcelkorte.de [87.230.7.51]) >> >> Well, I guess that the reason lies in "Received: from >> lvps87-230-7-51.dedicated.hosteurope.de". > > Yup. > >> But still. I don´t understand where that might come frome since >> nslookup 87.230.7.51 shows the correct hostname >> server.marcelkorte.de. > > What the client says in its HELO command has nothing to do with what > its rDNS is. The client can say anything it wants in its HELO. > > If that system is under your control, you should either verify that > your hostname is set to server.marcelkorte.de (most clients will use > the local hostname for the HELO), or check your MTA or mail client > program docs for how to explicitly specify what it says in the HELO. > > That said, I would observe that HELO_DYNAMIC_IPADDR probably shouldn't > fire on a HELO containing the string "dedicated", but how many > possible variations of that theme are there...? > > -- > John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ > [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- > Gun Control is marketed to the public using the appealing delusion > that violent criminals will obey the law. > ----------- > 546 days until the Presidential Election > > > > -- View this message in context: http://www.nabble.com/HELO_DYNAMIC_IPADDR-not-explainable-tf3710870.html#a10382951 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: HELO_DYNAMIC_IPADDR not explainable
On Tue, 8 May 2007, DogMatz wrote: > Received: from lvps87-230-7-51.dedicated.hosteurope.de > (server.marcelkorte.de [87.230.7.51]) > > Well, I guess that the reason lies in "Received: from > lvps87-230-7-51.dedicated.hosteurope.de". Yup. > But still. I don´t understand where that might come frome since > nslookup 87.230.7.51 shows the correct hostname > server.marcelkorte.de. What the client says in its HELO command has nothing to do with what its rDNS is. The client can say anything it wants in its HELO. If that system is under your control, you should either verify that your hostname is set to server.marcelkorte.de (most clients will use the local hostname for the HELO), or check your MTA or mail client program docs for how to explicitly specify what it says in the HELO. That said, I would observe that HELO_DYNAMIC_IPADDR probably shouldn't fire on a HELO containing the string "dedicated", but how many possible variations of that theme are there...? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Gun Control is marketed to the public using the appealing delusion that violent criminals will obey the law. --- 546 days until the Presidential Election
Re: HELO_DYNAMIC_IPADDR not explainable
Ooops :-) Here we go: --- Content-Type: message/rfc822; x-spam-type=original Content-Description: original message before SpamAssassin Content-Disposition: inline Content-Transfer-Encoding: 8bit Return-Path: <[EMAIL PROTECTED]> X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from lvps87-230-7-51.dedicated.hosteurope.de (server.marcelkorte.de [87.230.7.51]) by webbox413.server-home.net (Postfix) with ESMTP id 1E854783 for <[EMAIL PROTECTED]>; Tue, 8 May 2007 15:51:59 +0200 (CEST) Received: (qmail 15347 invoked from network); 8 May 2007 15:51:59 +0200 Received: from ip234.165.1211g-cud12k-02.ish.de (HELO ?192.168.178.20?) (62.143.165.234) by server.marcelkorte.de with SMTP; 8 May 2007 15:51:58 +0200 Mime-Version: 1.0 (Apple Message framework v752.3) Content-Transfer-Encoding: 7bit Message-Id: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=US-ASCII; format=flowed To: [EMAIL PROTECTED] From: Marcel Korte <[EMAIL PROTECTED]> Subject: TEST!!! Date: Tue, 8 May 2007 15:51:46 +0200 X-Mailer: Apple Mail (2.752.3) -- Well, I guess that the reason lies in "Received: from lvps87-230-7-51.dedicated.hosteurope.de". But still. I don´t understand where that might come frome since nslookup 87.230.7.51 shows the correct hostname server.marcelkorte.de. Daryl C. W. O wrote: > > DogMatz wrote: >> Emails from one of my accounts often get the HELO_DYNAMIC_IPADDR but I >> can´t >> see why! > > Nor can we since you didn't include the headers from the actual message > scanned, rather just the report_safe encapsulation headers. > > Daryl > > >> Check this mail: >> >> Received: from localhost by webbox413.server-home.net >> with SpamAssassin (version 3.1.3); >> Tue, 08 May 2007 15:52:01 +0200 >> From: Marcel Korte <[EMAIL PROTECTED]> >> To: [EMAIL PROTECTED] >> Subject: *SPAM* TEST!!! >> Date: Tue, 8 May 2007 15:51:46 +0200 >> Message-Id: <[EMAIL PROTECTED]> >> X-Spam-Flag: YES >> X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on >> webbox413.server-home.net >> X-Spam-Level: *** >> X-Spam-Status: Yes, score=7.6 required=5.0 tests=AWL,BAYES_80, >> FORGED_RCVD_HELO,HELO_DYNAMIC_IPADDR,PLING_PLING autolearn=no >> version=3.1.3 >> X-Spam-Report: >> * 4.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP >> addr >> * 1) >> * 0.1 FORGED_RCVD_HELO Received: contains a forged HELO >> * 2.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95% >> * [score: 0.8032] >> * 0.3 PLING_PLING Subject has lots of exclamation marks >> * 1.0 AWL AWL: From: address is in the auto white-list >> MIME-Version: 1.0 >> Content-Type: multipart/mixed; boundary="--=_46408081.5D87A5E1" >> >> This is a multi-part message in MIME format. >> > > > -- View this message in context: http://www.nabble.com/HELO_DYNAMIC_IPADDR-not-explainable-tf3710870.html#a10381040 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: HELO_DYNAMIC_IPADDR not explainable
DogMatz wrote: Emails from one of my accounts often get the HELO_DYNAMIC_IPADDR but I can´t see why! Nor can we since you didn't include the headers from the actual message scanned, rather just the report_safe encapsulation headers. Daryl Check this mail: Received: from localhost by webbox413.server-home.net with SpamAssassin (version 3.1.3); Tue, 08 May 2007 15:52:01 +0200 From: Marcel Korte <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: *SPAM* TEST!!! Date: Tue, 8 May 2007 15:51:46 +0200 Message-Id: <[EMAIL PROTECTED]> X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on webbox413.server-home.net X-Spam-Level: *** X-Spam-Status: Yes, score=7.6 required=5.0 tests=AWL,BAYES_80, FORGED_RCVD_HELO,HELO_DYNAMIC_IPADDR,PLING_PLING autolearn=no version=3.1.3 X-Spam-Report: * 4.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr * 1) * 0.1 FORGED_RCVD_HELO Received: contains a forged HELO * 2.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95% * [score: 0.8032] * 0.3 PLING_PLING Subject has lots of exclamation marks * 1.0 AWL AWL: From: address is in the auto white-list MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--=_46408081.5D87A5E1" This is a multi-part message in MIME format.
HELO_DYNAMIC_IPADDR not explainable
Emails from one of my accounts often get the HELO_DYNAMIC_IPADDR but I can´t see why! Check this mail: Received: from localhost by webbox413.server-home.net with SpamAssassin (version 3.1.3); Tue, 08 May 2007 15:52:01 +0200 From: Marcel Korte <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: *SPAM* TEST!!! Date: Tue, 8 May 2007 15:51:46 +0200 Message-Id: <[EMAIL PROTECTED]> X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on webbox413.server-home.net X-Spam-Level: *** X-Spam-Status: Yes, score=7.6 required=5.0 tests=AWL,BAYES_80, FORGED_RCVD_HELO,HELO_DYNAMIC_IPADDR,PLING_PLING autolearn=no version=3.1.3 X-Spam-Report: * 4.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr * 1) * 0.1 FORGED_RCVD_HELO Received: contains a forged HELO * 2.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95% * [score: 0.8032] * 0.3 PLING_PLING Subject has lots of exclamation marks * 1.0 AWL AWL: From: address is in the auto white-list MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--=_46408081.5D87A5E1" This is a multi-part message in MIME format. -- View this message in context: http://www.nabble.com/HELO_DYNAMIC_IPADDR-not-explainable-tf3710870.html#a10379762 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
