> -----Original Message-----
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Tuesday 14 August 2007 13.38
> To: Claude Frantz
> Cc: users@spamassassin.apache.org
> Subject: Re: a small explanation on rule FORGED_RCVD_HELO
> 
> Claude Frantz wrote:
> > Matt Kettler wrote:
> >
> >> It looks for a HELO that doesn't match against the reverse DNS for the IP
> >> address.
> >
> > Please note the case of clients connected to the network via NAT and
> > using dynamic IP addresses. In the general case, such clients do not
> > know about the IP address to which their local address is
> > translated using NAT. Such clients cannot set a correct HELO.
> Which is one of the many, many, many reasons this rule had a high false
> positive rate, thus had a low score in 3.1.x and was removed from 3.2.x.
> 
> I don't think anyone believes this rule is a good one, and the above
> facts (mentioned in the very post you replied to) indicate the SA team
> knows this already.

I agree with you. If I recall correctly, this kind of check was first
suggested even in the (in)famous BOTNET plugin and then not implemented even
there. The reason was that most people who legitimately run an MX server
don't have any access to their rDNS records and they would not like to HELO
with something different to the DNS name they assigned to the MX. Actually,
the BOTNET plugin implements a less strict "HELO to IP" and an "IP to rDNS
to DNS" check. Again, if I'm not recalling wrong.

Please note I wrote "the (in)famous BOTNET plugin" just because at the time
there was a lot of debate on it, since mail sent from most small and tiny
service providers would have probably failed at least one of its checks.
Nevertheless, many on this list were endorsing it.

Giampaolo
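
The three comparisons named in this thread (HELO against reverse DNS, "HELO to IP", and "IP to rDNS to DNS"), shown side by side as an added example; it is not code from SpamAssassin or the BOTNET plugin. The DNS tables, addresses, host names and function names are constructed for illustration.

```python
# Constructed DNS data (documentation address ranges, example domains).
PTR = {  # IP -> reverse DNS name
    "192.0.2.10": "mail.example.org",
    "198.51.100.7": "host-7.isp.example.net",   # provider-owned rDNS
    "203.0.113.50": "dyn-50.pool.example.com",  # public side of a NAT
}
A = {  # name -> IPs it resolves to
    "mail.example.org": {"192.0.2.10"},
    "host-7.isp.example.net": {"198.51.100.7"},
    "mx.smallshop.example": {"198.51.100.7"},   # name the MX operator chose
    "dyn-50.pool.example.com": {"203.0.113.50"},
}

def _norm(name):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()

def helo_matches_rdns(ip, helo):
    """Strict check: HELO name must equal the PTR name of the connecting IP."""
    ptr = PTR.get(ip)
    return ptr is not None and _norm(ptr) == _norm(helo)

def helo_resolves_to_ip(ip, helo):
    """'HELO to IP': the HELO name has an A record for the connecting IP."""
    return ip in A.get(_norm(helo), set())

def rdns_forward_confirmed(ip):
    """'IP to rDNS to DNS': the PTR name resolves back to the same IP."""
    ptr = PTR.get(ip)
    return ptr is not None and ip in A.get(_norm(ptr), set())

def evaluate(ip, helo):
    return {
        "helo_eq_rdns": helo_matches_rdns(ip, helo),
        "helo_to_ip": helo_resolves_to_ip(ip, helo),
        "ip_rdns_dns": rdns_forward_confirmed(ip),
    }

SAMPLES = [  # constructed (connecting IP, HELO) pairs
    ("192.0.2.10", "mail.example.org"),        # operator controls rDNS
    ("198.51.100.7", "mx.smallshop.example"),  # MX without rDNS access
    ("203.0.113.50", "laptop.local"),          # client behind NAT
]

if __name__ == "__main__":
    for ip, helo in SAMPLES:
        print(ip, helo, evaluate(ip, helo))
```

The second and third samples are the two legitimate senders raised in the thread: both fail the strict HELO-equals-rDNS comparison, while the MX without rDNS access still passes the two looser checks.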
