On 3/9/2005 6:08 PM, Justin Mason wrote: > mouss writes: > >>Do you mean it's deliberate to catch this (as a helo ip mismatch): >> >> Received: from unknown (HELO 212.27.42.19) (218.190.234.6) >> >>but not this >> >> Received: from unknown (HELO [212.27.42.19]) (218.190.234.6)
> yes. (I'm not sure if we've retested that recently though.) I've been playing with this a lot recently. Hence the note. I've grepped my logs and every single instance of a helo literal is spam. But even if you want to accomodate NATs and such, the current exception allows spammers to bypass the tests just by excluding the brackets. If you want to preserve the distinction, add an extra score for non-literal addresses, since that's a rat-sign that's above-and-beyond the spam-sign from lack of a domain name. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/