[Mimedefang] Including archetypal filters to include in release?
Les Mikesell
les at futuresource.com
Wed Jan 11 18:27:40 EST 2006
On Wed, 2006-01-11 at 13:03, Joseph Brennan wrote:
> In addition to scoring for syntactically invalid Helo like no dots,
> or numeric without brackets, we look up the Helo name. This allows
> us to score for syntactically correct names that do not exist.
>
>
> That test caught this:
>
> > Received: from citims2.info.citibank.com
> > (citims2.info.citibankcards.com [198.160.96.232]) by
>
> The Helo string "citims2.info.citibank.com" is not a valid hostname,
> although if you telnet 198.160.96.232 25, that's the name it gives
> in the banner. Anyway it's only mail claiming to be from a bank
> with <a ..> links to web pages. Why should we worry?
I'd expect a lot of that from multi-homed boxes and ones
behind NAT gateways. There's no requirement for mailers
to match the Helo to the interface or for all of its
interfaces to have names in public DNS.
--
Les Mikesell
lesmikesell at gmail.com
More information about the MIMEDefang
mailing list