Differences between revisions 4 and 5
Revision 4 as of 2008-08-17 22:53:54
Size: 960
Editor: LeeMaguire
Comment:
Revision 5 as of 2009-09-20 23:16:56
Size: 963
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 14: Line 14:
The default scores for this rule can be found [http://spamassassin.apache.org/tests.html in the online list of tests]. The default scores for this rule can be found [[http://spamassassin.apache.org/tests.html|in the online list of tests]].
Line 16: Line 16:
See also [:Rules/HELO_DYNAMIC_IPADDR] See also [[Rules/HELO_DYNAMIC_IPADDR]]

SpamAssassin Rule: FH_HELO_EQ_D_D_D_D

Standard description: Helo is d-d-d-d

Explanation

This rule checks the HELO identifier of the last untrusted relay and matches if the HELO argument contains four numbers (1 to three digits in length) separated by dashes. This is a common method for encoding IPv4 addresses into reverse DNS entries for dynamically allocated address ranges.

Since it is not usually expected that servers are given canonical hostnames that encode their IPv4 addresses, the means that the mailer process is probably using information from reverse DNS for its configuration. This indicates that it is not a normally configured mail server, and may well be a bot running on a hijacked PC.

Further Info

The default scores for this rule can be found in the online list of tests.

See also Rules/HELO_DYNAMIC_IPADDR


CategoryRule

Rules/FH_HELO_EQ_D_D_D_D (last edited 2009-09-20 23:16:56 by localhost)