Robert Swan wrote:
Guys, if my mail server announces itself as mail.somename.com and has a
PTR that matches. I can send mail out as [EMAIL PROTECTED] or
[EMAIL PROTECTED] as long as the MX record for the domain
"anothername.com" reads as "mail.somename.com"
The original questions was how do I write a header rule similar to
below, to identify if the announce name and PTR name do not match?
header LOCAL_INVALID_PTR2 Received =~ /from \S+ \(unknown /
Doesn't sendmail usually insert the phrase "claiming to be
some.other.host" in these situations? For instance,
Received: from exchange.fccj.edu(207.203.47.99), claiming to be
"fccj-sbm-03.fccj.org"
Unfortunately a quick grep for 'claiming to' in my mail spool shows
dozens of perfectly legitimate mail servers that result in a "claiming"
header, like the one above.
The only one of these cases that I score is "claiming to be localhost"
which gets 3 points here. They're nearly always spams though they're
usually tagged by other rules. A quick grep of my logs shows that the
lowest SA score received by a message that claims to be localhost is
about 10 (including the 3 points for this rule).
Peter
