Matus UHLAR - fantomas a écrit : > [snip] >> >> Are >> - iol.cz >> - telenet.cz >> - hotelulipy.cz >> >> the same organisation? > >> if not, this is direct to MX junk. > > ...your presumption that the Received: header is the only one is false. >
I didn't presume that. I was only looking at that one Received header, because it meant: some client in the .telenet.cz domain connected to a server in the .hotelulipy.cz domain and helo'ed with an IP in the .iol.cz domain. I would "understand" this if these domains belong to the same organisation, in which case NAT is a possible explanation. >> BTW. which (legitimate and not outdated) mail clients helo with a bare IP? a quick grep shows that something called "Gmexim" (is this a sort of "gmane patched exim"?) does so. > [snip] > Can someone please try to do > > meta RCVD_HELO_NUMERIC_MISMATCH (RCVD_HELO_IP_MISMATCH && RCVD_NUMERIC_HELO) > I now realize that RCVD_NUMERIC_HELO also fires on valid "literal" IP helo, not only on "bare IP helo". the helo rules may need a review... > and check, or should I fill yes, please fill (I guess you meant a PR ;-p).