Posted to commits@spamassassin.apache.org by Apache Wiki <wi...@apache.org> on 2008/08/18 00:49:22 UTC

[Spamassassin Wiki] Update of "Rules/FH HELO EQ D D D D" by LeeMaguire

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Spamassassin Wiki" for change notification.

The following page has been changed by LeeMaguire:
http://wiki.apache.org/spamassassin/Rules/FH_HELO_EQ_D_D_D_D

------------------------------------------------------------------------------
- Describe Rules/FH HELO EQ D D D D here.
+ #language en
+ == SpamAssassin Rule: FH_HELO_EQ_D_D_D_D ==
  
- Seems to be denied by the EHLO line:
+ ''Standard description:'' Helo is d-d-d-d
  
- Received: from NathsComputer ([180.181.149.79]:32593 "EHLO NathsComputer"
+ === Explanation ===
  
- (note the d.d.d.d ip and no domain)
+ This rule checks the HELO identifier of the last untrusted relay and matches if the HELO argument contains four numbers (1 to three digits in length) separated by dashes.  This is a common method for encoding IPv4 addresses into reverse DNS entries for dynamically allocated address ranges.
  
+ Since it is not usually expected that servers are given canonical hostnames that encode their IPv4 addresses, the means that the mailer process is probably using information from reverse DNS for its configuration.  This indicates that it is not a normally configured mail server, and may well be a bot running on a hijacked PC.
+  
+ === Further Info ===
+ 
+ The default scores for this rule can be found [http://spamassassin.apache.org/tests.html in the online list of tests].
+ 
+ ----
+ CategoryRule
+
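Review bot: The first Explanation paragraph says the rule matches if the HELO argument "contains" four dash-separated numbers, while the rule name (EQ) and the standard description ("Helo is d-d-d-d") read as a match on the whole HELO string. Say which it is, because that decides whether a HELO carrying a domain suffix after the d-d-d-d part is covered. In the same paragraph "1 to three digits" mixes numeral styles, and in the second paragraph "the means that the mailer process" looks like a typo for "this means that". The removed lines held the only sample on the page (the Received line with "EHLO NathsComputer" and the remark that it seemed not to match); the new text has no example at all, so consider adding one matching and one non-matching HELO value under Explanation.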