You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Jeremy Fairbrass <jf...@hotmail.com> on 2007/01/09 11:01:20 UTC

Bug with FAKE_HELO_MSN

Hi all,
I'm not sure if this is a bug with the FAKE_HELO_MSN rule, or if I'm just 
overlooking something...

I just received a legitimate email from MSN.com (to verify an email address 
for MSN Messenger). The email triggered the FAKE_HELO_MSN rule, but I can't 
see why. Here are the 3 Received headers that appeared in the email:


Received: from servera02.blusmtp4.msn.com (servera02.blusmtp.msn.com 
[65.55.238.141])
 by myserver.com (myserver.com [123.123.123.123])
 with ESMTP id md50000080742.msg
 for <me...@mydomain.com>; Tue, 09 Jan 2007 10:12:33 +0100
Received: from servera03.tk2smtp4.msn.com ([10.20.194.192]) by 
servera02.blusmtp4.msn.com with Microsoft SMTPSVC(6.0.3790.1830);
  Tue, 9 Jan 2007 04:12:07 -0500
Received: from TK2PPBAT3A01 ([65.54.136.164]) by servera03.tk2smtp4.msn.com 
with Microsoft SMTPSVC(6.0.3790.1830);
  Tue, 9 Jan 2007 01:12:06 -0800


As you can see, the host and rDNS are both ending with msn.com - why did the 
rule trigger?

I assume this rule only checks against the most recent Received header, 
right? Or does it check against all Received headers? Regardless, it should 
not have fired even against any of the older Received headers, as far as I 
can tell.

Any comments?

Cheers,
Jeremy