> -----Original Message-----
> From: Matt Kettler [mailto:mkettler_sa@verizon.net]
> Sent: Tuesday, 14 August 2007 13.38
> To: Claude Frantz
> Cc: users@spamassassin.apache.org
> Subject: Re: a small explanation on rule FORGED_RCVD_HELO
>
> Claude Frantz wrote:
> > Matt Kettler wrote:
> >
> >> It looks for a HELO that doesn't match against the reverse DNS for the IP
> >> address.
> >
> > Please note the case of clients connected to the network via NAT and
> > using dynamic IP addresses. In the general case, such clients do not
> > know about the IP address to which their local address is
> > translated using NAT. Such clients cannot set a correct HELO.
>
> Which is one of the many, many, many reasons this rule had a high false
> positive rate, thus had a low score in 3.1.x and was removed from 3.2.x.
>
> I don't think anyone believes this rule is a good one, and the above
> facts (mentioned in the very post you replied to) indicate the SA team
> knows this already.


I agree with you. If I'm recalling correctly, this kind of check was first
suggested even in the (in)famous BOTNET plugin and then not implemented even
there. The reason was that most people who legitimately run an MX server
don't have any access to their rDNS records and they would not like to HELO
with something different to the DNS name they assigned to the MX. Actually,
the BOTNET plugin implements a less strict "HELO to IP" and an "IP to rDNS
to DNS" check. Again, if I'm not recalling wrong.

Please note I wrote "the (in)famous BOTNET plugin" just because at the time
there was a lot of debate on it, since mail sent from most small and tiny
service providers would have probably failed at least one of its checks.
Nevertheless, many on this list were endorsing it.

Giampaolo
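
The three comparisons discussed in this thread (HELO equal to rDNS, "HELO to IP", and "IP to rDNS to DNS"), as an added illustration that is not code from SpamAssassin or the BOTNET plugin. The DNS records, host names and addresses are constructed, and the function names are hypothetical.

```python
# Constructed DNS data (documentation address ranges, made-up names).
A_RECORDS = {
    "mail.example.org": {"192.0.2.10"},
    "host10.isp.example.net": {"192.0.2.10"},
    "dyn-7.pool.isp.example.net": {"198.51.100.7"},
}
PTR_RECORDS = {
    "192.0.2.10": "host10.isp.example.net",
    "198.51.100.7": "dyn-7.pool.isp.example.net",
}

def norm(name):
    """Compare DNS names case-insensitively, ignoring a trailing dot."""
    return name.strip().rstrip(".").lower()

def helo_equals_rdns(helo, ip):
    """Strict check: the HELO name must be the PTR name of the client IP."""
    ptr = PTR_RECORDS.get(ip)
    return ptr is not None and norm(ptr) == norm(helo)

def helo_resolves_to_ip(helo, ip):
    """Looser 'HELO to IP': the HELO name has an A record for the client IP."""
    return ip in A_RECORDS.get(norm(helo), set())

def ip_rdns_roundtrip(ip):
    """'IP to rDNS to DNS': the PTR name resolves back to the same IP."""
    ptr = PTR_RECORDS.get(ip)
    return ptr is not None and ip in A_RECORDS.get(norm(ptr), set())

def evaluate(helo, ip):
    """Run all three comparisons for one SMTP client."""
    return {
        "helo_equals_rdns": helo_equals_rdns(helo, ip),
        "helo_resolves_to_ip": helo_resolves_to_ip(helo, ip),
        "ip_rdns_roundtrip": ip_rdns_roundtrip(ip),
    }

# Constructed SMTP clients: (description, HELO name, connecting IP).
CLIENTS = [
    ("MX whose operator cannot edit its rDNS", "mail.example.org", "192.0.2.10"),
    ("NAT client on a dynamic address", "laptop.internal", "198.51.100.7"),
    ("client with no PTR record at all", "Mail.Example.Org.", "203.0.113.5"),
]

if __name__ == "__main__":
    for label, helo, ip in CLIENTS:
        print(f"{label}: HELO={helo} IP={ip} -> {evaluate(helo, ip)}")
```

The first two clients are legitimate in this constructed data, yet both fail the strict comparison; the MX passes the two looser checks, and the NAT client passes only the check that does not depend on its HELO.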