Claude Frantz wrote: > Matt Kettler wrote: > >> It looks for a HELO doesn't match against the reverse DNS for the IP >> address. > > Please note the case of clients connected to the network via NAT and > using dynamic IP addresses. In the general case, such clients do not > known about the IP address to which one their local address is > translated using NAT. Such clients cannot set a correct HELO. Which is one of the many, many, many reasons this rule had a high false positive rate, thus had a low score in 3.1.x and was removed from 3.2.x.
I don't think anyone believes this rule is a good one, and the above facts (mentioned in the very post you replied to) indicate the SA team knows this already.
