You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by Apache Wiki <wi...@apache.org> on 2008/08/05 01:13:24 UTC

[Spamassassin Wiki] Update of "Rules/HELO DYNAMIC DHCP" by LeeMaguire

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Spamassassin Wiki" for change notification.

The following page has been changed by LeeMaguire:
http://wiki.apache.org/spamassassin/Rules/HELO_DYNAMIC_DHCP

New page:
#language en
== SpamAssassin Rule: HELO_DYNAMIC_DHCP ==

''Standard description:'' Relay HELO'd using suspicious hostname (DHCP)

=== Explanation ===

An untrusted relay used a hostname (FQDN) as a HELO argument during a SMTP transaction that appears to suggest a dynamically allocated hostname. For example "dhcp192-0-2-32.example.com".

This style of hostname is commonly found in the reverse DNS records for dynamically allocated addresses.  It's possible that a spam-engine on a hijacked PC will use a reverse DNS lookup of its own address to formulate a valid HELO argument.

=== Further Info ===

The default scores for this rule can be found [http://spamassassin.apache.org/tests.html in the online list of tests].

The IETF's [http://www.ietf.org/html.charters/dnsop-charter.html dnsop] working group
has a draft memo regarding a [http://tools.ietf.org/html/draft-msullivan-dnsop-generic-naming-schemes-00 suggested naming scheme] for reverse DNS.

----
CategoryRule