a small explanation on rule FORGED_RCVD_HELO


a small explanation on rule FORGED_RCVD_HELO

by Sasori_no_Suna


Hello all, I just want to know about this rule FORGED_RCVD_HELO: what does it mean? And in the SpamAssassin results, why do I always have it? I just need an explanation. Thanks.

PS: excuse me for my bad English.

RE: a small explanation on rule FORGED_RCVD_HELO

by Klas Nyström


My guess is that it's when your mail server receives a mail via SMTP and the sender identifies itself as the receiving mail server, or perhaps if it identifies as a host without reverse lookup. I haven't really looked into it, but can anyone confirm this?

/KN

-----Original Message-----
From: Sasori_no_Suna [mailto:lochness5@...]
Sent: 10 August 2007 10:10
To: users@...
Subject: a small explanation on rule FORGED_RCVD_HELO


Hello all, I just want to know about this rule FORGED_RCVD_HELO: what does it mean? And in the SpamAssassin results, why do I always have it? I just need an explanation. Thanks.

PS: excuse me for my bad English :-/
--
View this message in context: http://www.nabble.com/a-small-explanation-on-rule-FORGED_RCVD_HELO-tf4247254.html#a12087088
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


RE: a small explanation on rule FORGED_RCVD_HELO

by Sasori_no_Suna


Ah ok, thank you for your answer.

RE: a small explanation on rule FORGED_RCVD_HELO

by Sasori_no_Suna


More explanation, please.


Re: a small explanation on rule FORGED_RCVD_HELO

by Matt Kettler


Sasori_no_Suna wrote:
> Hello all, I just want to know about this rule FORGED_RCVD_HELO: what does it
> mean? And in the SpamAssassin results, why do I always have it? I just need
> an explanation. Thanks.
>  
It looks for a HELO that doesn't match against the reverse DNS for the IP
address.

However, it should also be noted that this rule is dead. 3.2.0 and
higher no longer include it.

Even in 3.1.x the score of this rule is very small and negligible due to
its high false-positive rate.

Re: a small explanation on rule FORGED_RCVD_HELO

by Claude Frantz


Matt Kettler wrote:

> It looks for a HELO that doesn't match against the reverse DNS for the IP
> address.

Please note the case of clients connected to the network via NAT and
using dynamic IP addresses. In the general case, such clients do not
know the IP address to which their local address is translated by NAT.
Such clients cannot set a correct HELO.

Claude

Re: a small explanation on rule FORGED_RCVD_HELO

by Kai Schaetzl


Claude Frantz wrote on Tue, 14 Aug 2007 11:11:31 +0200:

> Please note the case of clients connected to the network via NAT and
> using dynamic IP addresses. In the general case, such clients do not
> know the IP address to which their local address is translated by NAT.
> Such clients cannot set a correct HELO.

I would guess the rule uses only the last non-trusted received = it
compares the HELO *we* got from it with the rDNS.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: a small explanation on rule FORGED_RCVD_HELO

by Matt Kettler


Claude Frantz wrote:
> Matt Kettler wrote:
>
>> It looks for a HELO that doesn't match against the reverse DNS for the IP
>> address.
>
> Please note the case of clients connected to the network via NAT and
> using dynamic IP addresses. In the general case, such clients do not
> know the IP address to which their local address is translated by NAT.
> Such clients cannot set a correct HELO.
Which is one of the many, many, many reasons this rule had a high false
positive rate, thus had a low score in 3.1.x and was removed from 3.2.x.

I don't think anyone believes this rule is a good one, and the above
facts (mentioned in the very post you replied to) indicate the SA team
knows this already.


RE: a small explanation on rule FORGED_RCVD_HELO

by Giampaolo Tomassoni


> -----Original Message-----
> From: Matt Kettler [mailto:mkettler_sa@...]
> Sent: Tuesday, 14 August 2007 13:38
> To: Claude Frantz
> Cc: users@...
> Subject: Re: a small explanation on rule FORGED_RCVD_HELO
>
> Claude Frantz wrote:
> > Matt Kettler wrote:
> >
> >> It looks for a HELO that doesn't match against the reverse DNS for the IP
> >> address.
> >
> > Please note the case of clients connected to the network via NAT and
> > using dynamic IP addresses. In the general case, such clients do not
> > know the IP address to which their local address is translated by NAT.
> > Such clients cannot set a correct HELO.
> Which is one of the many, many, many reasons this rule had a high
> false
> positive rate, thus had a low score in 3.1.x and was removed from
> 3.2.x.
>
> I don't think anyone believes this rule is a good one, and the above
> facts (mentioned in the very post you replied to) indicate the SA team
> knows this already.

I agree with you. If I'm recalling correctly, this kind of check was first
suggested even in the (in)famous BOTNET plugin and then not implemented even
there. The reason was that most people who legitimately run an MX server
don't have any access to their rDNS records and would not like to HELO
with something different from the DNS name they assigned to the MX. Actually,
the BOTNET plugin implements a less strict "HELO to IP" and an "IP to rDNS
to DNS" check. Again, if I'm not misremembering.

Please note I wrote "the (in)famous BOTNET plugin" just because at the time
there was a lot of debate on it, since mail sent from most small and tiny
service providers would probably have failed at least one of its checks.
Nevertheless, many on this list were endorsing it.

Giampaolo
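As an added illustration of the checks discussed in this thread (example code written for this archive page, not SpamAssassin's own FORGED_RCVD_HELO implementation and not the BOTNET plugin's code): the HELO-versus-rDNS comparison Matt and Kai describe, applied to the last untrusted Received hop, alongside the "HELO to IP" and "IP to rDNS to DNS" checks Giampaolo attributes to BOTNET. The Received headers, the trusted network, and the PTR/A records are constructed for the example so it runs offline; the header regex covers only the Postfix/Sendmail style "from HELO (rDNS [IP])" form.

```python
import ipaddress
import re

# Constructed sample headers (not taken from the thread), newest hop first, as
# a receiving MX would see them. The middle hop is the case the thread argues
# about: a legitimate small MX that HELOs with its own name while its PTR
# record is whatever the ISP assigned.
SAMPLE_RECEIVED = [
    "from mx1.example.org (mx1.example.org [192.0.2.1]) by mail.example.org with ESMTP id A1",
    "from mail.sender.example (host-198-51-100-7.isp.example [198.51.100.7]) by mx1.example.org with ESMTP id B2",
    "from homepc.lan (unknown [10.0.0.5]) by mail.sender.example with ESMTP id C3",
]

# Hypothetical trusted_networks: hops whose sending IP lies inside these are ours.
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed PTR and A records standing in for real DNS (example data only).
FAKE_PTR = {
    "198.51.100.7": "host-198-51-100-7.isp.example",
    "203.0.113.9": "mail.good.example",
}
FAKE_A = {
    "host-198-51-100-7.isp.example": "198.51.100.7",
    "mail.sender.example": "203.0.113.50",
    "mail.good.example": "203.0.113.9",
}

# "from HELO (rDNS [IP])": the rDNS part may be absent ("from helo ([ip])") or
# the literal "unknown" that Postfix writes when the PTR lookup fails.
RECEIVED_RE = re.compile(
    r"^from\s+(?P<helo>\S+)"
    r"(?:\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?:IPv6:)?(?P<ip>[^\]]+)\]\))?",
    re.IGNORECASE,
)


def parse_received(header):
    """Return {'helo', 'rdns', 'ip'} for one Received header, or None if unparseable."""
    m = RECEIVED_RE.match(header.strip())
    if not m or m.group("ip") is None:
        return None
    rdns = m.group("rdns")
    if rdns is not None and rdns.lower() == "unknown":
        rdns = None
    return {"helo": m.group("helo"), "rdns": rdns, "ip": m.group("ip")}


def last_untrusted_relay(received_headers, trusted_networks):
    """Walk the headers newest-first and return the first hop whose sending IP
    is outside trusted_networks: the relay that handed the mail to us. Hops
    below it were recorded by hosts we do not trust and may be forged."""
    for header in received_headers:
        hop = parse_received(header)
        if hop is None:
            continue
        try:
            addr = ipaddress.ip_address(hop["ip"])
        except ValueError:
            return hop  # unparseable IP literal: treat the hop as external
        if not any(addr in net for net in trusted_networks):
            return hop
    return None


def helo_mismatches_rdns(hop):
    """FORGED_RCVD_HELO-style test: the HELO differs from the rDNS name our MTA
    recorded. With no rDNS at all there is nothing to compare, so this example
    does not count that as a mismatch (a design choice of this example)."""
    if hop["rdns"] is None:
        return False
    return hop["helo"].lower() != hop["rdns"].lower()


def helo_resolves_to_ip(hop, a_lookup=FAKE_A.get):
    """'HELO to IP': does the HELO name's A record point at the connecting IP?"""
    return a_lookup(hop["helo"].lower()) == hop["ip"]


def fcrdns_ok(ip, ptr_lookup=FAKE_PTR.get, a_lookup=FAKE_A.get):
    """'IP to rDNS to DNS' (forward-confirmed rDNS): the PTR name's A record
    must return the same IP we connected from."""
    name = ptr_lookup(ip)
    if name is None:
        return False
    return a_lookup(name.lower()) == ip


if __name__ == "__main__":
    hop = last_untrusted_relay(SAMPLE_RECEIVED, TRUSTED_NETWORKS)
    print("last untrusted relay:", hop)
    print("HELO != rDNS (FORGED_RCVD_HELO would fire):", helo_mismatches_rdns(hop))
    print("HELO resolves to connecting IP:", helo_resolves_to_ip(hop))
    print("FCrDNS passes:", fcrdns_ok(hop["ip"]))
```

Run as-is, the sample picks the 198.51.100.7 hop as the last untrusted relay: its HELO and rDNS differ, so the HELO-versus-rDNS test fires, yet the same hop passes forward-confirmed rDNS. That is exactly the false positive Claude and Giampaolo describe: a sender who controls its HELO but not its PTR record. The innermost "homepc.lan" hop never gets examined, which is the point of Kai's remark about using only the last non-trusted Received line.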