Posted to users@spamassassin.apache.org by Sasori_no_Suna <lo...@free.fr> on 2007/08/10 10:08:48 UTC

a small explanation on rule FORGED_RCVD_HELO

Hello all, I just want to know about this rule FORGED_RCVD_HELO: what does it
mean? And in the result of spamassassin, why do I always have that? I just
need an explanation, thanks.
-- 
View this message in context: http://www.nabble.com/a-small-explanation-on-rule-FORGED_RCVD_HELO-tf4247254.html#a12087088
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


Re: a small explanation on rule FORGED_RCVD_HELO

Posted by Kai Schaetzl <ma...@conactive.com>.
Claude Frantz wrote on Tue, 14 Aug 2007 11:11:31 +0200:

> Please note the case of clients connected to the network via NAT and
> using dynamic IP addresses. In the general case, such clients do not
> know about the IP address to which their local address is
> translated using NAT. Such clients cannot set a correct HELO.

I would guess the rule uses only the last non-trusted received = it 
compares the HELO *we* got from it with the rDNS.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com




R: a small explanation on rule FORGED_RCVD_HELO

Posted by Giampaolo Tomassoni <g....@libero.it>.
> -----Original Message-----
> From: Matt Kettler [mailto:mkettler_sa@verizon.net]
> Sent: Tuesday 14 August 2007 13.38
> To: Claude Frantz
> Cc: users@spamassassin.apache.org
> Subject: Re: a small explanation on rule FORGED_RCVD_HELO
> 
> Claude Frantz wrote:
> > Matt Kettler wrote:
> >
> >> It looks for a HELO that doesn't match against the reverse DNS for the IP
> >> address.
> >
> > Please note the case of clients connected to the network via NAT and
> > using dynamic IP addresses. In the general case, such clients do not
> > know about the IP address to which their local address is
> > translated using NAT. Such clients cannot set a correct HELO.
> Which is one of the many, many, many reasons this rule had a high false
> positive rate, thus had a low score in 3.1.x and was removed from 3.2.x.
> 
> I don't think anyone believes this rule is a good one, and the above
> facts (mentioned in the very post you replied to) indicate the SA team
> knows this already.

I agree with you. If I recall correctly, this kind of check was first
suggested even in the (in)famous BOTNET plugin and then not implemented even
there. The reason was that most people who legitimately run an MX server
don't have any access to their rDNS records and they would not like to HELO
with something different from the DNS name they assigned to the MX. Actually,
the BOTNET plugin implements a less strict "HELO to IP" and an "IP to rDNS
to DNS" check. Again, if I'm not recalling it wrong.

Please note I wrote "the (in)famous BOTNET plugin" just because at the time
there was a lot of debate on it, since mail sent from most small and tiny
service providers would have probably failed at least one of its checks.
Nevertheless, many on this list were endorsing it.

Giampaolo

Re: a small explanation on rule FORGED_RCVD_HELO

Posted by Matt Kettler <mk...@verizon.net>.
Claude Frantz wrote:
> Matt Kettler wrote:
>
>> It looks for a HELO that doesn't match against the reverse DNS for the IP
>> address.
>
> Please note the case of clients connected to the network via NAT and
> using dynamic IP addresses. In the general case, such clients do not
> know about the IP address to which their local address is
> translated using NAT. Such clients cannot set a correct HELO.
Which is one of the many, many, many reasons this rule had a high false
positive rate, thus had a low score in 3.1.x and was removed from 3.2.x.

I don't think anyone believes this rule is a good one, and the above
facts (mentioned in the very post you replied to) indicate the SA team
knows this already.

Re: a small explanation on rule FORGED_RCVD_HELO

Posted by Claude Frantz <cl...@pc0312b.rz.unibw-muenchen.de>.
Matt Kettler wrote:

> It looks for a HELO that doesn't match against the reverse DNS for the IP
> address.

Please note the case of clients connected to the network via NAT and
using dynamic IP addresses. In the general case, such clients do not
know about the IP address to which their local address is
translated using NAT. Such clients cannot set a correct HELO.

Claude

Re: a small explanation on rule FORGED_RCVD_HELO

Posted by Matt Kettler <mk...@verizon.net>.
Sasori_no_Suna wrote:
> Hello all, I just want to know about this rule FORGED_RCVD_HELO: what does it
> mean? And in the result of spamassassin, why do I always have that? I just
> need an explanation, thanks.
>   
It looks for a HELO that doesn't match against the reverse DNS for the IP
address.

However, it should also be noted that this rule is dead. 3.2.0 and
higher no longer include it.

Even in 3.1.x the score of this rule is very small and negligible due to
its high false-positive rate.
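
The comparison described in this thread, as an added example that is not part of the original posts and is not SpamAssassin's own code: it takes the hop recorded by the receiving side (Kai's "last non-trusted received") and compares its HELO with the rDNS name, which shows why a NAT client with an ISP-assigned PTR name trips the check. The Postfix-style header layout, the trusted network, the "no rDNS means no verdict" choice and all sample headers are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed Postfix-style header: "from HELO (RDNS [IP]) by ..."; RDNS is "unknown" without a PTR.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")

def parse_received(header):
    """Return (helo, rdns, ip) for one Received header, or None if it has another shape."""
    m = RECEIVED_RE.search(header)
    if not m:
        return None
    return (m["helo"].lower().rstrip("."), m["rdns"].lower().rstrip("."),
            ipaddress.ip_address(m["ip"]))

def last_untrusted_hop(headers, trusted_nets):
    """Headers are newest first. Skip hops between our own relays and return the first
    hop whose connecting IP is outside trusted_nets: the one our own server recorded."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for header in headers:
        hop = parse_received(header)
        if hop and not any(hop[2] in net for net in nets):
            return hop
    return None

def helo_mismatch(headers, trusted_nets):
    """True when the HELO name differs from the rDNS name of the connecting IP."""
    hop = last_untrusted_hop(headers, trusted_nets)
    if hop is None or hop[1] == "unknown":
        return False  # assumption of this sketch: no rDNS means no verdict
    return hop[0] != hop[1]

# Constructed sample data (documentation address ranges and example domains).
TRUSTED = ["10.0.0.0/8"]
INTERNAL = "from mx-in.example.net (mx-in.example.net [10.0.0.5]) by store.example.net"
NAT_CLIENT = [INTERNAL,
    "from laptop.local (dsl-7.isp.example [203.0.113.7]) by mx-in.example.net"]
GOOD_MX = [INTERNAL,
    "from mail.example.org (mail.example.org [198.51.100.25]) by mx-in.example.net"]
# The oldest hop was written by a relay we do not trust, so it is never examined.
DEEP_FORGERY = GOOD_MX + [
    "from forged.example (other.example [192.0.2.9]) by mail.example.org"]

if __name__ == "__main__":
    for name, hdrs in [("NAT client", NAT_CLIENT), ("good MX", GOOD_MX),
                       ("deep forgery", DEEP_FORGERY)]:
        print(name, helo_mismatch(hdrs, TRUSTED))
```

The NAT client is flagged even though nothing was forged: it announced its private hostname while the PTR record belongs to the ISP, which is the false-positive case raised in the replies.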

RE: a small explanation on rule FORGED_RCVD_HELO

Posted by Sasori_no_Suna <lo...@free.fr>.
more explanation please
:confused:

Sasori_no_Suna wrote:
> 
> ah ok thank you for your answer :handshake:
> 
> Klas Nyström wrote:
>> 
>> My guess is that it's when your mailserver receives a mail via SMTP and
>> the sender identifies itself as the receiving mailserver or perhaps if it
>> identifies as a host without reverse lookup. I haven't really looked into
>> it, but can anyone confirm this?
>> 
>> /KN 
>> 
>> -----Original Message-----
>> From: Sasori_no_Suna [mailto:lochness5@free.fr] 
>> Sent: 10 August 2007 10:10
>> To: users@spamassassin.apache.org
>> Subject: a small explanation on rule FORGED_RCVD_HELO
>> 
>> 
>> Hello all, I just want to know about this rule FORGED_RCVD_HELO: what
>> does it mean? And in the result of spamassassin, why do I always have that?
>> I just need an explanation, thanks.
>> 
>> ps:excuse me for my bad english:-/
>> --
>> View this message in context:
>> http://www.nabble.com/a-small-explanation-on-rule-FORGED_RCVD_HELO-tf4247254.html#a12087088
>> Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/a-small-explanation-on-rule-FORGED_RCVD_HELO-tf4247254.html#a12088661
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


RE: a small explanation on rule FORGED_RCVD_HELO

Posted by Sasori_no_Suna <lo...@free.fr>.
ah ok thank you for your answer :handshake:

Klas Nyström wrote:
> 
> My guess is that it's when your mailserver receives a mail via SMTP and the
> sender identifies itself as the receiving mailserver or perhaps if it
> identifies as a host without reverse lookup. I haven't really looked into
> it, but can anyone confirm this?
> 
> /KN 
> 
> -----Original Message-----
> From: Sasori_no_Suna [mailto:lochness5@free.fr] 
> Sent: 10 August 2007 10:10
> To: users@spamassassin.apache.org
> Subject: a small explanation on rule FORGED_RCVD_HELO
> 
> 
> Hello all, I just want to know about this rule FORGED_RCVD_HELO: what does
> it mean? And in the result of spamassassin, why do I always have that? I
> just need an explanation, thanks.
> 
> ps:excuse me for my bad english:-/
> --
> View this message in context:
> http://www.nabble.com/a-small-explanation-on-rule-FORGED_RCVD_HELO-tf4247254.html#a12087088
> Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/a-small-explanation-on-rule-FORGED_RCVD_HELO-tf4247254.html#a12087639
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


RE: a small explanation on rule FORGED_RCVD_HELO

Posted by Klas Nyström <Kl...@secode.com>.
My guess is that it's when your mailserver receives a mail via SMTP and the sender identifies itself as the receiving mailserver or perhaps if it identifies as a host without reverse lookup. I haven't really looked into it, but can anyone confirm this?

/KN 

-----Original Message-----
From: Sasori_no_Suna [mailto:lochness5@free.fr] 
Sent: 10 August 2007 10:10
To: users@spamassassin.apache.org
Subject: a small explanation on rule FORGED_RCVD_HELO


Hello all, I just want to know about this rule FORGED_RCVD_HELO: what does it mean? And in the result of spamassassin, why do I always have that? I just need an explanation, thanks.

ps:excuse me for my bad english:-/
--
View this message in context: http://www.nabble.com/a-small-explanation-on-rule-FORGED_RCVD_HELO-tf4247254.html#a12087088
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.