aubreyl wrote: > Larry Rosenman wrote: >> Greetings, >> I had the following headers: [snip] > This checks what the server initiating the SMTP connection to your > server says it is, and what it's domain name resolves to. > > Let's say that fakedomain.com resolves to 45.45.45.45 > > then.... > > ~# telnet yourdomain.com 25 > Trying 123.123.123.123... > Connected to yourdomain.com. > Escape character is '^]'. > 220 mail.yourdomain.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 8 Dec 2006 > 19:30:05 -0600 > *helo fakedomain.com* > 250 mail.yourdomain.com *Hello 12-34-56-78.client.isp.com > [12.34.56.78]*, pleased to meet you > > > during this interaction, it is obvious that the connection was made > from 12-34-56-78.client.isp.com that has an IP of 12.34.56.78. But > since in the "helo" giviaubreyln, the server says that it is fakedomain.com. > > This is common for some small mail servers, like mine, who use to be > able to stand behind a router with a different outgoing IP. Now it > has become common practice to void messages from such servers. > > I'm not up to speed with all of the RFC's, but perhaps there's one in > there for this? Anyone know? > > -=Aubrey=-
I'm very familiar with the HELO/Etc. My concern is the high score And the fact that this message was legit, to a well-known mailing-list. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 512-248-2683 E-Mail: ler@lerctr.org US Mail: 430 Valona Loop, Round Rock, TX 78681-3893