Re: understanding HELO_DYNAMIC_IPADDR

Sat, 14 May 2016 14:52:08 -0700 

On 13 May 2016, at 15:29, Daniel J. Luke wrote:
On May 13, 2016, at 2:26 PM, Kim Roar Foldøy Hauge <k...@samfunnet.no> wrote:
This is NOT a practical solution. You can't expect administrators to know about this problem, some styles of hostnames not playing well with SA. 


Note that this isn't just a 'spamassassin' issue. You will likely 
experience delivery problems to many hosts as long as your dns or rdns 
'looks like' a dynamic system.


While you are at it, make sure your forward and reverse dns match.



1. Use of generic 2nd person is really inappropriate here. The DNS 
involved isn't under the control of anyone in the conversation, so even 
if we stipulate that something about the naming is bad and/or wrong, 
there's no "you" here responsible for any error.



2. The original case in question of webmail-201.76.63.163.ig.com.br has 
a perfectly find A record resolving to 201.76.63.163, which has a PTR 
resolving back to webmail-201.76.63.163.ig.com.br. So the HELO name is 
perfectly consistent with DNS. Nothing to fix there.



3. Yes, as a practical matter a mail system architect should be aware of 
the fact that names which obviously embed IP addresses are viewed with 
suspicion and avoid them. That's not an issue of principle, it is an 
issue of recognizing the pragmatic fact that Sturgeon's Law applies to 
the population of people deploying heuristic spam filters. A competing 
pragmatic constraint: devising a scalable simple naming scheme for a 
complex mail system with functionally identical machines whose only 
obvious differentiator is each one's unique IP address.



4. The fact that SA is probably not alone in detecting that as a dynamic 
name is no excuse. Note the relevant rule definition:



   meta HELO_DYNAMIC_IPADDR (__HELO_DYNAMIC_IPADDR && 
!HELO_STATIC_HOST)



So a framework is already in place by which exceptions are made to the 
blanket arbitrary commandment that "Thou Shalt Not Embed IPs In Outbound 
Mail Server Names!" Currently that's trivial: there's one exception, for 
cmr-[IP].rogers.com names. I see no reason not to add an exception for 
webmail-[IP].ig.com.br names, as there is clearly an intent by whoever 
created HELO_DYNAMIC_IPADDR to make it smarter than your average random 
mail admin writing regexes.





















					Reply via email to