converted to 1.6 markup
|Deletions are marked like this.||Additions are marked like this.|
|Line 25:||Line 25:|
|The default scores for this rule can be found [http://spamassassin.apache.org/tests.html in the online list of tests].||The default scores for this rule can be found [[http://spamassassin.apache.org/tests.html|in the online list of tests]].|
SpamAssassin Rule: FORGED_RCVD_HELO
Standard description: Received: contains a forged HELO
Every outgoing mail server SHOULD announce its FQDN (fully qualified Domain Name) in the first line of the SMTP session (note, only EHLO is REQUIRED to be a valid FQDN), however, many anti-spam systems at large ISP's and email providers are rejecting email sessions and email from hosts that appear to 'forge' their HELO line.
Many 'default' installations may 'forge' a helo line of 'localhost.localdomain', or 'localhost'. Or in the case of Microsoft Exchange server inside a local network, it may (by default) use the LOCAL name, associated with the LOCAL, internal ip address, not the external name for the external ip address.
Example: Microsoft server at ip address 192.168.1.2, internal name is mail.local. External (Natted, public ip address) is 22.214.171.124, external name is not.mail.spammertrap.com
The 'received' line looks like this: Received: from mail.local (not.mail.spammertrap.com [126.96.36.199])
To Fix: Make sure the FQDN hostname and IP address match REVERSE and Forward DNS lookups. Then see the documentation for your OUTBOUND mail server.
The default scores for this rule can be found in the online list of tests.