Differences between revisions 2 and 3
Revision 2 as of 2007-09-30 02:25:33
Size: 1497
Editor: c-76-21-22-240
Comment: Disabled!?!
Revision 3 as of 2009-09-20 23:16:44
Size: 1499
Editor: localhost
Comment: converted to 1.6 markup
Line 25: Line 25:
The default scores for this rule can be found [http://spamassassin.apache.org/tests.html in the online list of tests]. The default scores for this rule can be found [[http://spamassassin.apache.org/tests.html|in the online list of tests]].

SpamAssassin Rule: FORGED_RCVD_HELO

Standard description: Received: contains a forged HELO


Every outgoing mail server SHOULD announce its FQDN (fully qualified domain name) in the first line of the SMTP session (note: only EHLO is REQUIRED to be a valid FQDN). However, many anti-spam systems at large ISPs and email providers reject email sessions and email from hosts that appear to 'forge' their HELO line.

Many 'default' installations may 'forge' a HELO line of 'localhost.localdomain' or 'localhost'. A Microsoft Exchange server inside a local network may (by default) use the LOCAL name associated with the LOCAL, internal IP address, not the external name for the external IP address.

Further Info

Example: Microsoft server at IP address, internal name is mail.local. External (NATed, public IP address) is, external name is not.mail.spammertrap.com

The 'received' line looks like this: Received: from mail.local (not.mail.spammertrap.com [])

To Fix: Make sure the FQDN hostname and IP address match in both REVERSE and FORWARD DNS lookups. Then see the documentation for your OUTBOUND mail server to configure the name it announces in HELO.
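
One way to check the forward/reverse match described above before touching the mail server configuration. This is an added example, not part of the original wiki page and not SpamAssassin's rule logic. The function names, the internal-suffix list and the address 203.0.113.25 (a documentation-range IP standing in for the public address) are assumptions made for illustration.

```python
import re
import socket

# Default-install HELO names from the page; the suffix list is an assumption.
PLACEHOLDERS = {"localhost", "localhost.localdomain"}
INTERNAL_SUFFIXES = (".local", ".localdomain")
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)")

# Constructed sample: the page's host names with a documentation-range IP.
SAMPLE_IP = "203.0.113.25"
SAMPLE_LINE = f"Received: from mail.local (not.mail.spammertrap.com [{SAMPLE_IP}])"
SAMPLE_A = {"not.mail.spammertrap.com": [SAMPLE_IP]}
SAMPLE_PTR = {SAMPLE_IP: "not.mail.spammertrap.com"}

def dns_forward(name):
    """Live A lookup; raises OSError (socket.gaierror) when the name is unknown."""
    return socket.gethostbyname_ex(name)[2]

def dns_reverse(ip):
    """Live PTR lookup; raises OSError (socket.herror) when there is no record."""
    return socket.gethostbyaddr(ip)[0]

def table_resolver(table):
    """Offline stand-in for a DNS lookup, backed by a dict."""
    def lookup(key):
        if key not in table:
            raise OSError("no record for " + key)
        return table[key]
    return lookup

def parse_received(line):
    """Return (helo, rdns, ip) from a 'from HELO (RDNS [IP])' clause, or None."""
    m = RECEIVED_RE.search(line)
    return m.groups() if m else None

def check_helo(helo, ip, forward=dns_forward, reverse=dns_reverse):
    """Return a list of problems; empty means HELO, A and PTR all agree."""
    helo, problems = helo.rstrip(".").lower(), []
    if "." not in helo or helo in PLACEHOLDERS or helo.endswith(INTERNAL_SUFFIXES):
        problems.append("HELO is not a public FQDN")
    try:
        if reverse(ip).rstrip(".").lower() != helo:
            problems.append("PTR for sending IP does not match HELO")
    except OSError:
        problems.append("no PTR record for sending IP")
    try:
        addrs = forward(helo)
    except OSError:
        addrs = []
    if ip not in addrs:
        problems.append("HELO does not resolve to sending IP")
    return problems
```

Called with only a HELO name and the server's public IP, check_helo() performs live lookups through the system resolver; pass table_resolver(SAMPLE_A) and table_resolver(SAMPLE_PTR) to run it offline against the constructed records.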

The default scores for this rule can be found in the online list of tests (http://spamassassin.apache.org/tests.html).

Note: this rule is not part of SpamAssassin 3.2's standard ruleset! I've no idea why. -MrElvey


Rules/FORGED_RCVD_HELO (last edited 2009-09-20 23:16:44 by localhost)