SpamAssassin Rule: FORGED_RCVD_HELO

Standard description: Received: contains a forged HELO

Explanation

Every outgoing mail server SHOULD announce its FQDN (fully qualified domain name) in the first line of the SMTP session (note: only EHLO is REQUIRED to be a valid FQDN). However, many anti-spam systems at large ISPs and email providers reject email sessions and email from hosts that appear to 'forge' their HELO line.

Many 'default' installations may 'forge' a HELO line of 'localhost.localdomain' or 'localhost'. A Microsoft Exchange server inside a local network may (by default) use the LOCAL name associated with the LOCAL, internal IP address, not the external name for the external IP address.

Further Info

Example: a Microsoft server at IP address 192.168.1.2 has the internal name mail.local. Its external (NATed, public) IP address is 204.89.240.175, and its external name is not.mail.spammertrap.com.

The 'Received' line looks like this: Received: from mail.local (not.mail.spammertrap.com [204.89.240.175])

Here mail.local is the name the server announced in HELO, while the name and address in parentheses are what the receiving server saw for the connection.

To fix: make sure the FQDN hostname and IP address match in both REVERSE and forward DNS lookups. Then see the documentation for your OUTBOUND mail server.
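An added example (not SpamAssassin's rule logic and not code from this page): a Python check that parses a Received: line in the form shown above and reports HELO inconsistencies offline, without doing DNS lookups. The LOCAL_SUFFIXES list, the finding names and the SAMPLES lines are assumptions constructed for this example; only the first sample is taken from the page.

```python
import ipaddress
import re

# Matches the "from HELO (rdns [ip])" form shown in the example above.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)",
    re.IGNORECASE,
)

# Assumption: suffixes treated as internal-only names for this check.
LOCAL_SUFFIXES = (".local", ".localdomain", ".lan", ".internal")

# Constructed sample lines; the first is the example from this page.
SAMPLES = [
    "Received: from mail.local (not.mail.spammertrap.com [204.89.240.175])",
    "Received: from not.mail.spammertrap.com (not.mail.spammertrap.com [204.89.240.175])",
    "Received: from localhost.localdomain ([192.168.1.2])",
]


def check_received(line):
    """Return a list of findings for one Received: line (empty = consistent)."""
    m = RECEIVED_RE.match(line.strip())
    if not m:
        return ["unparsed"]
    helo = m.group("helo").lower().rstrip(".")
    rdns = (m.group("rdns") or "").lower().rstrip(".")
    findings = []
    # A bare label ('localhost') or an internal-only suffix is not a public FQDN.
    if "." not in helo or helo.endswith(LOCAL_SUFFIXES):
        findings.append("helo-not-public-fqdn")
    # The receiving server records the reverse-DNS name it found, if any.
    if not rdns or rdns == "unknown":
        findings.append("no-reverse-dns")
    elif helo != rdns:
        findings.append("helo-rdns-mismatch")
    try:
        if ipaddress.ip_address(m.group("ip")).is_private:
            findings.append("private-source-ip")
    except ValueError:
        findings.append("bad-ip")
    return findings


if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_received(sample) or "consistent", "<-", sample)
```

Run it against the Received: lines your own outbound server produces at an external mailbox; a forward DNS lookup of the HELO name still has to be confirmed separately.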

The default scores for this rule can be found in the online list of tests.

Note: this rule is not part of SpamAssassin 3.2's standard ruleset! I've no idea why. -MrElvey



Rules/FORGED_RCVD_HELO (last edited 2009-09-20 23:16:44 by localhost)