Posted to users@spamassassin.apache.org by John van Oppen <jo...@vanoppen.com> on 2006/12/22 23:54:12 UTC

test of HELO addresses

So, what I am looking for is a test that looks up the HELO address in
DNS and compares it to the IP that it was sourced from.

I have some spam with the following received characteristics which would
have been a great demo for this possible test:



Received: from cpe-76-190-23-240.woh.res.rr.com (HELO earthlink.net)
(76.190.23.240)
	by 0 with SMTP; Fri, 22 Dec 2006 14:48:14 -0800
From: "Kristi B Valladares" <kr...@earthlink.net>


What I want to do is look up the HELO data in DNS (in this case
earthlink.net) and confirm that the IP it was received from (in this
case 76.190.23.240) is not the IP address (or even in the same subnet)
that the HELO resolves to.

Is there a test that already does this?

Thanks,
John 

RE: test of HELO addresses

Posted by Sietse van Zanen <si...@wizdom.nu>.
Yes, it's called HELO tests.

This example you give should be tagged with FORGED_RCVD_HELO

And SA does loads more HELO tests by default. If it's not working,
there's probably something wrong with your DNS setup (missing Net::DNS
or something like that).

Go to the /usr/share/spamassassin/ dir and do a 'grep HELO *' and see
how much it comes up with.

-Sietse

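
The check asked about in the first message, as an added example that is not part of the thread and is not SpamAssassin's own rule code: it parses the Received layout quoted there, resolves the HELO name through a pluggable resolver, and compares the answer with the connecting IP. The function names, the /24 and /64 subnet sizes, and the DNS answer for earthlink.net (a constructed RFC 5737 address) are assumptions.

```python
import ipaddress
import re
import socket

# Matches the header layout quoted in the thread:
#   from <reverse-DNS name> (HELO <name>) (<connecting IP>)
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+\((?P<ip>[0-9A-Fa-f.:]+)\)")

def system_resolver(name):
    """Live lookup (needs network): address strings the name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def _to_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def check_helo(received, resolve=system_resolver, v4_prefix=24):
    """Return 'match', 'same_subnet', 'mismatch', 'unresolvable',
    'literal' (HELO was an IP literal) or 'unparsed'."""
    m = RECEIVED_RE.search(" ".join(received.split()))  # unfold the header
    src = _to_ip(m.group("ip")) if m else None
    if src is None:
        return "unparsed"
    helo = m.group("helo")
    if _to_ip(helo.strip("[]")) is not None:
        return "literal"
    addrs = {a for a in map(_to_ip, resolve(helo)) if a is not None}
    if not addrs:
        return "unresolvable"
    if src in addrs:
        return "match"
    prefix = v4_prefix if src.version == 4 else 64  # subnet sizes: assumption
    for a in addrs:
        net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
        if src in net:  # False when address families differ
            return "same_subnet"
    return "mismatch"

# Header from the post; the DNS answer is constructed, not earthlink.net's records.
SAMPLE = ("Received: from cpe-76-190-23-240.woh.res.rr.com (HELO earthlink.net)\n"
          " (76.190.23.240)\n\tby 0 with SMTP; Fri, 22 Dec 2006 14:48:14 -0800")
FAKE_DNS = {"earthlink.net": {"192.0.2.10"}}
def fake_resolver(name):
    return FAKE_DNS.get(name, set())
```

A `mismatch` result works best as a scoring signal, since a legitimate sender's HELO name does not always resolve to the address it connects from.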