Re: a small explanation on rule FORGED_RCVD_HELO
Matt Kettler wrote:
> It looks for a HELO that doesn't match against the reverse DNS for the IP address.

Please note the case of clients connected to the network via NAT and using dynamic IP addresses. In the general case, such clients do not know about the IP address to which their local address is translated using NAT. Such clients cannot set a correct HELO.

Claude
Re: a small explanation on rule FORGED_RCVD_HELO
Claude Frantz wrote on Tue, 14 Aug 2007 11:11:31 +0200:
> Please note the case of clients connected to the network via NAT and using dynamic IP addresses. In the general case, such clients do not know about the IP address to which their local address is translated using NAT. Such clients cannot set a correct HELO.

I would guess the rule uses only the last non-trusted received = it compares the HELO *we* got from it with the rDNS.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: a small explanation on rule FORGED_RCVD_HELO
Claude Frantz wrote:
> Matt Kettler wrote:
>> It looks for a HELO that doesn't match against the reverse DNS for the IP address.
>
> Please note the case of clients connected to the network via NAT and using dynamic IP addresses. In the general case, such clients do not know about the IP address to which their local address is translated using NAT. Such clients cannot set a correct HELO.

Which is one of the many, many, many reasons this rule had a high false positive rate, thus had a low score in 3.1.x and was removed from 3.2.x.

I don't think anyone believes this rule is a good one, and the above facts (mentioned in the very post you replied to) indicate the SA team knows this already.
R: a small explanation on rule FORGED_RCVD_HELO
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 14 August 2007 13:38
To: Claude Frantz
Cc: users@spamassassin.apache.org
Subject: Re: a small explanation on rule FORGED_RCVD_HELO

> Claude Frantz wrote:
>> Matt Kettler wrote:
>>> It looks for a HELO that doesn't match against the reverse DNS for the IP address.
>>
>> Please note the case of clients connected to the network via NAT and using dynamic IP addresses. In the general case, such clients do not know about the IP address to which their local address is translated using NAT. Such clients cannot set a correct HELO.
>
> Which is one of the many, many, many reasons this rule had a high false positive rate, thus had a low score in 3.1.x and was removed from 3.2.x.
>
> I don't think anyone believes this rule is a good one, and the above facts (mentioned in the very post you replied to) indicate the SA team knows this already.

I agree with you. If I'm correctly recalling, this kind of check was first suggested even in the (in)famous BOTNET plugin and then not implemented even there. The reason was that most people who legitimately run an MX server don't have any access to their rDNS records and they would not like to HELO with something different to the DNS name they assigned to the MX.

Actually, the BOTNET plugin implements a less strict HELO to IP and an IP to rDNS to DNS check. Again, if I'm not recalling wrong.

Please note I wrote the (in)famous BOTNET plugin just because at the time there was a lot of debate on it, since mail sent from most small and tiny service providers would have probably failed at least one of its checks. Nevertheless, many in this list were endorsing it.

Giampaolo
RE: a small explanation on rule FORGED_RCVD_HELO
ah ok thank you for your answer :handshake:

Klas Nyström wrote:
> My guess is that it's when your mailserver receives a mail via SMTP and the sender identifies itself as the receiving mailserver or perhaps if it identifies as a host without reverse lookup. I haven't really looked into it but can anyone confirm this?
>
> /KN
>
> -Original Message-
> From: Sasori_no_Suna [mailto:[EMAIL PROTECTED]
> Sent: 10 August 2007 10:10
> To: users@spamassassin.apache.org
> Subject: a small explanation on rule FORGED_RCVD_HELO
>
> hello all,
> I want just to know about this rule FORGED_RCVD_HELO
> what does it mean?
> and on the result of spamassassin, why I have always that
> I need just explanation
> thank
> ps: excuse me for my bad english :-/

--
View this message in context: http://www.nabble.com/a-small-explanation-on-rule-FORGED_RCVD_HELO-tf4247254.html#a12087639
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
a small explanation on rule FORGED_RCVD_HELO
hello all,
I want just to know about this rule FORGED_RCVD_HELO
what does it mean?
and on the result of spamassassin, why I have always that
I need just explanation
thank

--
View this message in context: http://www.nabble.com/a-small-explanation-on-rule-FORGED_RCVD_HELO-tf4247254.html#a12087088
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
RE: a small explanation on rule FORGED_RCVD_HELO
My guess is that it's when your mailserver receives a mail via SMTP and the sender identifies itself as the receiving mailserver or perhaps if it identifies as a host without reverse lookup. I haven't really looked into it but can anyone confirm this?

/KN

-Original Message-
From: Sasori_no_Suna [mailto:[EMAIL PROTECTED]
Sent: 10 August 2007 10:10
To: users@spamassassin.apache.org
Subject: a small explanation on rule FORGED_RCVD_HELO

> hello all,
> I want just to know about this rule FORGED_RCVD_HELO
> what does it mean?
> and on the result of spamassassin, why I have always that
> I need just explanation
> thank
> ps: excuse me for my bad english :-/
RE: a small explanation on rule FORGED_RCVD_HELO
more explanation please :confused:

Sasori_no_Suna wrote:
> ah ok thank you for your answer :handshake:
>
> Klas Nyström wrote:
>> My guess is that it's when your mailserver receives a mail via SMTP and the sender identifies itself as the receiving mailserver or perhaps if it identifies as a host without reverse lookup. I haven't really looked into it but can anyone confirm this?
>>
>> /KN
>>
>> -Original Message-
>> From: Sasori_no_Suna [mailto:[EMAIL PROTECTED]
>> Sent: 10 August 2007 10:10
>> To: users@spamassassin.apache.org
>> Subject: a small explanation on rule FORGED_RCVD_HELO
>>
>> hello all,
>> I want just to know about this rule FORGED_RCVD_HELO
>> what does it mean?
>> and on the result of spamassassin, why I have always that
>> I need just explanation
>> thank
>> ps: excuse me for my bad english :-/

--
View this message in context: http://www.nabble.com/a-small-explanation-on-rule-FORGED_RCVD_HELO-tf4247254.html#a12088661
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: a small explanation on rule FORGED_RCVD_HELO
Sasori_no_Suna wrote:
> hello all,
> I want just to know about this rule FORGED_RCVD_HELO
> what does it mean?
> and on the result of spamassassin, why I have always that
> I need just explanation
> thank

It looks for a HELO that doesn't match against the reverse DNS for the IP address.

However, it should also be noted that this rule is dead. 3.2.0 and higher no longer include it. Even in 3.1.x the score of this rule is very small and negligible due to its high false-positive rate.
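
An illustration of the comparison discussed in this thread, added here as an example; it is not SpamAssassin's code and not from any poster. It assumes Postfix-style `Received` lines, a hypothetical receiving host `mx.example.net`, and constructed sample headers, and it evaluates only the header our own server wrote, then compares that hop's HELO with its rDNS, which shows the NAT false positive raised above.

```python
import re

# Postfix-style trace line: from <HELO> (<rDNS> [<IP>]) by <receiving host>
# The format and every name below are assumptions made for this example.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def _norm(name):
    return name.rstrip(".").lower()

def boundary_hop(received, trusted_hosts):
    """Newest header written by one of our hosts about an outside peer.
    Anything below it was supplied by the sender and is not evaluated."""
    trusted = {_norm(h) for h in trusted_hosts}
    for raw in received:                      # newest first, as in a message
        m = RECEIVED_RE.search(raw)
        if m and _norm(m["by"]) in trusted and _norm(m["rdns"]) not in trusted:
            return m.groupdict()
    return None

def helo_vs_rdns(received, trusted_hosts):
    hop = boundary_hop(received, trusted_hosts)
    if hop is None:
        return "no-boundary-hop"
    if _norm(hop["rdns"]) == "unknown":       # Postfix writes this without a PTR
        return "no-rdns"
    return "match" if _norm(hop["helo"]) == _norm(hop["rdns"]) else "mismatch"

OURS = ["mx.example.net"]
TAIL = " by mx.example.net (Postfix) with ESMTP id 0"
# Constructed headers (documentation address ranges, example domains).
SERVER = ["from mail.example.org (mail.example.org [192.0.2.10])" + TAIL]
# Legitimate client behind NAT: it only knows its internal name.
NAT_CLIENT = ["from laptop.lan (dyn-7.isp.example [198.51.100.7])" + TAIL]
NO_PTR = ["from host.example (unknown [203.0.113.9])" + TAIL]
# Second line was inserted by the sender; only the first is ours.
FORGED_BELOW = [
    "from bulk.example (pool-5.isp.example [203.0.113.5])" + TAIL,
    "from friendly.example (friendly.example [192.0.2.99])" + TAIL,
]

if __name__ == "__main__":
    for name in ("SERVER", "NAT_CLIENT", "NO_PTR", "FORGED_BELOW"):
        print(name, helo_vs_rdns(globals()[name], OURS))
```

The `NAT_CLIENT` case is flagged as a mismatch although nothing is forged, which is the false-positive pattern the replies describe.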