Matus UHLAR - fantomas wrote:
Matt Kettler wrote:
[snip]
if so that fake helo should not be fake :=)
Well, it shouldn't be fake, because 206.46.173.3 really is
vms173003pub.verizon.net.
However, it would appear that athena.apache.org didn't get an answer to
its PTR query.. either that or the headers generated by
athena.apache.org are just broken.
On 27.06.08 14:45, mouss wrote:
qpsmtpd headers do not show rDNS.
bad. SA afaik doesn't resolve IPs in headers, it expects MTA to use it.
iirc there was some discussion about MTAs not doing that, Maybe it could do
that for such MTAs (check list archive)
This would indeed fix the problem. but I'm not sure if it won't cause
trouble for those who use fetchmail (given that many rDNS setups are
borked, I mean).
and anyway, there's no reason to believe helo is forged since
$ host vms173003pub.verizon.net
vms173003pub.verizon.net has address 206.46.173.3
since there's no DNS name in received and SA doesn't translate IP, it assumes
that there is no DNS so the helo is forged.
I don't know why Benny got FM_FAKE_HELO_VERIZON. When I get direct mail
from Matt, it does not trigger this rule, because my postfix does rDNS
lookup. When I get his mail via the list, I don't go deep past the list
server. so it's ok in both cases.
but maybe he is using fetchmail or similar?
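
Added example, not part of the original message and not SpamAssassin's own rule code: a simplified model of the false positive discussed in this thread, where a HELO-versus-rDNS check fires because the Received header carries no rDNS name at all. The header layouts, the function names and mx.example.org are assumptions made for illustration; only the host name and IP come from the thread.

```python
import re

# "from HELO (RDNS [IP])"; the RDNS token is optional, and Postfix writes
# "unknown" there when the PTR lookup fails.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)

def parse_relay(received):
    """Extract helo, rdns (None when the MTA recorded none) and ip."""
    m = RECEIVED_RE.search(received)
    if not m:
        return None
    rdns = m.group("rdns")
    if rdns is None or rdns.lower() == "unknown":
        rdns = None
    return {"helo": m.group("helo"), "rdns": rdns, "ip": m.group("ip")}

def in_domain(name, domain):
    """True when name is the domain itself or a host below it."""
    name = (name or "").lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def naive_fake_helo(relay, domain="verizon.net"):
    """Simplified model: HELO claims the domain, recorded rDNS does not."""
    return in_domain(relay["helo"], domain) and not in_domain(relay["rdns"], domain)

def helo_verdict(relay, domain="verizon.net"):
    """Same check, but a missing rDNS is 'unverifiable', not 'mismatch'."""
    if not in_domain(relay["helo"], domain):
        return "not-claimed"
    if relay["rdns"] is None:
        return "unverifiable"
    return "consistent" if in_domain(relay["rdns"], domain) else "mismatch"

# Constructed sample headers (only the name and IP come from the thread).
SAMPLES = {
    "with_rdns": "from vms173003pub.verizon.net (vms173003pub.verizon.net [206.46.173.3]) by mx.example.org (Postfix)",
    "no_rdns": "from vms173003pub.verizon.net ([206.46.173.3]) by mx.example.org",
    "other_rdns": "from vms173003pub.verizon.net (host.example.net [192.0.2.10]) by mx.example.org",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        relay = parse_relay(header)
        print(label, naive_fake_helo(relay), helo_verdict(relay))
```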