Differences between revisions 2 and 3
Revision 2 as of 2008-08-17 22:56:16
Size: 1036
Editor: LeeMaguire
Comment: link to HELO_DYNAMIC_IPADDR
Revision 3 as of 2009-09-20 23:16:29
Size: 1043
Editor: localhost
Comment: converted to 1.6 markup
Line 14: Line 14:
The default scores for this rule can be found [http://spamassassin.apache.org/tests.html in the online list of tests]. The default scores for this rule can be found [[http://spamassassin.apache.org/tests.html|in the online list of tests]].
Line 16: Line 16:
See also [:Rules/HELO_DYNAMIC_IPADDR] See also [[Rules/HELO_DYNAMIC_IPADDR]]
Line 18: Line 18:
The IETF's [http://www.ietf.org/html.charters/dnsop-charter.html dnsop] working group
has a draft memo regarding a [http://tools.ietf.org/html/draft-msullivan-dnsop-generic-naming-schemes-00 suggested naming scheme] for reverse DNS.
The IETF's [[http://www.ietf.org/html.charters/dnsop-charter.html|dnsop]] working group
has a draft memo regarding a [[http://tools.ietf.org/html/draft-msullivan-dnsop-generic-naming-schemes-00|suggested naming scheme]] for reverse DNS.

SpamAssassin Rule: HELO_DYNAMIC_DHCP

Standard description: Relay HELO'd using suspicious hostname (DHCP)

Explanation

An untrusted relay used a hostname (FQDN) as its HELO argument during an SMTP transaction, and that hostname appears to be dynamically allocated, for example "dhcp192-0-2-32.example.com".

This style of hostname is commonly found in the reverse DNS records for dynamically allocated addresses. A spam engine on a hijacked PC may use a reverse DNS lookup of its own address to formulate a valid HELO argument.
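The following Python check is an added example, not SpamAssassin's own rule pattern and not part of the original page. It flags DHCP-style HELO names and reports whether the address spelled out in the name (in forward or reversed octet order) is the relay's own connecting address, which is the case the paragraph above describes. The function names, the "dhcp" token heuristic and the sample relays are assumptions made for the example.

```python
import ipaddress
import re

# Assumed heuristic for this example only; not SpamAssassin's rule pattern.
DHCP_TOKEN = re.compile(r"(?<![a-z])dhcp(?![a-z])", re.IGNORECASE)
# Four decimal groups joined by '-' or '.', as in "dhcp192-0-2-32".
OCTETS = re.compile(r"(?<!\d)(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})(?!\d)")


def embedded_ipv4(helo):
    """Return the IPv4 address spelled out in the host name, or None."""
    m = OCTETS.search(helo)
    if not m or any(int(o) > 255 for o in m.groups()):
        return None
    return ipaddress.IPv4Address(".".join(str(int(o)) for o in m.groups()))


def classify_helo(helo, client_ip):
    """Classify a HELO argument against the relay's connecting address."""
    helo = helo.strip().rstrip(".")
    if helo.startswith("["):
        return "address-literal"          # not a host name at all
    if not DHCP_TOKEN.search(helo):
        return "no-dhcp-pattern"
    ip = embedded_ipv4(helo)
    if ip is None:
        return "dhcp-keyword-only"
    client = ipaddress.ip_address(client_ip)
    # Some reverse DNS schemes write the octets in reversed order.
    reversed_ip = ipaddress.IPv4Address(".".join(reversed(str(ip).split("."))))
    if client in (ip, reversed_ip):
        return "dhcp-name-of-own-address"
    return "dhcp-name-other-address"


# Constructed sample relays (HELO argument, connecting IP); documentation ranges only.
SAMPLES = [
    ("dhcp192-0-2-32.example.com", "192.0.2.32"),
    ("32-2-0-192.dhcp.example.net", "192.0.2.32"),
    ("dhcp-198-51-100-7.example.org", "203.0.113.9"),
    ("dhcpd.example.org", "203.0.113.26"),
    ("mail.example.com", "203.0.113.25"),
]

if __name__ == "__main__":
    for helo, client_ip in SAMPLES:
        print(f"{client_ip:15} {helo:32} {classify_helo(helo, client_ip)}")
```
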

Further Info

The default scores for this rule can be found in the online list of tests.

See also Rules/HELO_DYNAMIC_IPADDR

The IETF's dnsop working group has a draft memo regarding a suggested naming scheme for reverse DNS.


CategoryRule

Rules/HELO_DYNAMIC_DHCP (last edited 2009-09-20 23:16:29 by localhost)