You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by Apache Wiki <wi...@apache.org> on 2008/08/05 01:13:24 UTC
[Spamassassin Wiki] Update of "Rules/HELO DYNAMIC DHCP" by LeeMaguire
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Spamassassin Wiki" for change notification.
The following page has been changed by LeeMaguire:
http://wiki.apache.org/spamassassin/Rules/HELO_DYNAMIC_DHCP
New page:
#language en
== SpamAssassin Rule: HELO_DYNAMIC_DHCP ==
''Standard description:'' Relay HELO'd using suspicious hostname (DHCP)
=== Explanation ===
An untrusted relay used a hostname (FQDN) as a HELO argument during a SMTP transaction that appears to suggest a dynamically allocated hostname. For example "dhcp192-0-2-32.example.com".
This style of hostname is commonly found in the reverse DNS records for dynamically allocated addresses. It's possible that a spam-engine on a hijacked PC will use a reverse DNS lookup of its own address to formulate a valid HELO argument.
=== Further Info ===
The default scores for this rule can be found [http://spamassassin.apache.org/tests.html in the online list of tests].
The IETF's [http://www.ietf.org/html.charters/dnsop-charter.html dnsop] working group
has a draft memo regarding a [http://tools.ietf.org/html/draft-msullivan-dnsop-generic-naming-schemes-00 suggested naming scheme] for reverse DNS.
----
CategoryRule