We were getting this when our DNS lookup (provided by an ISP) was timing
out. A local DNS cache was set up on the same box as SA and all the false
positives from AOL stopped.

-----Original Message-----
From: Kelson Vibber [mailto:[EMAIL PROTECTED]
Sent: Monday, February 16, 2004 6:14 PM
To: [EMAIL PROTECTED]
Subject: Re: false positives from AOL


At 02:45 PM 2/16/2004, Dana Holland wrote:
>Here are some of them - they do all have a lot in common - but I'm not 
>experienced enough with this to completely understand what it's telling me:
>
>  2.9 NO_RDNS_DOTCOM_HELO    Host HELO'd as a big ISP, but had no rDNS
>  1.8 FAKE_HELO_AOL          Host HELO did not match rDNS: aol.com

These basically say that the server that gave you the message claimed to be 
AOL, but its IP address did not resolve to a host in the aol.com domain.

Are these coming straight from AOL to your server, or do they pass through 
some other server or proxy first?  You might need to set trusted_networks 
to take that into account.

Or perhaps are these students using their AOL addresses on non-AOL
connections?

Or, finally, you could just have a DNS issue preventing the lookups.


Kelson Vibber
SpeedGate Communications <www.speed.net> 
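
The distinction this thread turns on, a connecting host that has no rDNS versus a reverse lookup that simply timed out, as an added example (not part of the original messages and not SpamAssassin's own code). The function names, result labels, resolver stub, and sample addresses and hostnames are constructed for illustration.

```python
BIG_ISPS = ("aol.com",)  # assumption: the thread only discusses aol.com


def in_domain(host, domain):
    """True if host is the domain itself or a name underneath it."""
    host = host.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def classify_helo(helo, ip, ptr_lookup):
    """Compare a HELO name with the PTR name of the connecting IP.

    ptr_lookup(ip) returns a hostname, returns None when the IP has no
    PTR record, and raises TimeoutError when the resolver did not answer.
    """
    claimed = next((d for d in BIG_ISPS if in_domain(helo, d)), None)
    if claimed is None:
        return "not_checked"      # HELO does not claim a big ISP
    try:
        ptr = ptr_lookup(ip)
    except TimeoutError:
        return "lookup_failed"    # unknown, NOT the same as "no rDNS"
    if ptr is None:
        return "no_rdns"          # what NO_RDNS_DOTCOM_HELO describes
    if in_domain(ptr, claimed):
        return "match"
    return "mismatch"             # what FAKE_HELO_AOL describes


def fake_resolver(table, reachable=True):
    """Constructed stand-in for a DNS resolver so the example runs offline."""
    def lookup(ip):
        if not reachable:
            raise TimeoutError("resolver did not answer")
        return table.get(ip)
    return lookup


# Constructed sample data (documentation IP ranges, made-up hostnames).
PTR_TABLE = {
    "192.0.2.10": "relay-01.mx.aol.com",
    "198.51.100.7": "dsl-7.isp.example.net",
}

if __name__ == "__main__":
    up = fake_resolver(PTR_TABLE)
    down = fake_resolver(PTR_TABLE, reachable=False)
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, classify_helo("relay-01.mx.aol.com", ip, up))
    print("resolver down:", classify_helo("relay-01.mx.aol.com", "192.0.2.10", down))
```

A checker that collapses `lookup_failed` into `no_rdns` will flag genuine AOL relays whenever the upstream resolver times out, which is the symptom the local DNS cache removed.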
