Henrik K wrote:
> On Wed, Mar 19, 2008 at 05:35:32PM +0100, mouss wrote:
>
>> Henrik K wrote:
>>
>>> On Wed, Mar 19, 2008 at 02:48:34PM +0100, mouss wrote:
>>>
>>>
>>>> Luis Hernán Otegui wrote:
>>>>
>>>>
>>>>>> [snip]
>>>>>>
>>>>>> how about something like
>>>>>>
>>>>>> header NONFQHELO_DYN1 X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=\S*[^a-z]{9}\S+ helo=[^\.\s]+ /i
>>>>>> score NONFQHELO_DYN1 3.0
>>>>>> describe NONFQHELO_DYN1 non fqdn helo from dynamic client
>>>>>>
>>>>>> ?
>>>>>>
>>>>>>
>>>>> I'll go with this, and tomorrow we'll see. Thanks a LOT to everybody
>>>>> for their suggestions. They've gone right into my documentation folder
>>>>> ;-)
>>>>>
>>>>>
>>>> beware. that was a question, not a suggestion! I only ran it on very
>>>> few messages, so it's completely untested.
>>>>
>>>>
>>> It should use X-Spam-Relays-External. Still a common misconception that
>>> untrusted == external.
>>>
>>>
>>>

>> can you explain why it should use *-external instead of *-untrusted?
>>

>
> Inspired by this thread I submitted this, which should explain it:
>
> https://issues.apache.org/SpamAssass...ug.cgi?id=5856
>
>


it's because you are trusting the ISP MSA. I am not. I only trust my ISP
and my registrar MX. no MUA should talk to them.

*-external wouldn't bring me anything, because I am already doing checks
at the MTA level, so the zombie won't get to SA if it matches such
rules. In particular, I reject non fqdn helo on the MX unconditionally
(I know this may catch misconfigured sites, but I currently don't care).
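
The untrusted/external distinction discussed in this thread, as an added example that is not part of the original messages: a Python translation of the NONFQHELO_DYN1 pattern is applied to the first relay outside `trusted_networks` and outside `internal_networks`. The relay layout is reduced to ip/rdns/helo/by, the trust walk is a simplified model, and all hosts, addresses and helper names are constructed for illustration.

```python
import ipaddress
import re

# Python translation of the NONFQHELO_DYN1 pattern quoted in the thread.
RULE = re.compile(r"^[^\]]+ rdns=\S*[^a-z]{9}\S+ helo=[^.\s]+ ", re.I)

def outside(relays, networks):
    """Simplified model: walking newest-first, return the relays from the
    first one whose IP is not in `networks` onward."""
    nets = [ipaddress.ip_network(n) for n in networks]
    for i, (ip, _rdns, _helo) in enumerate(relays):
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            return relays[i:]
    return []

def pseudo_header(relays):
    """Render relays in a reduced X-Spam-Relays-* layout (assumed fields only)."""
    return " ".join(f"[ ip={ip} rdns={rdns} helo={helo} by=mx.example.net ]"
                    for ip, rdns, helo in relays)

def rule_fires(relays, networks):
    """True if the anchored rule matches the first relay outside `networks`."""
    return bool(RULE.search(pseudo_header(outside(relays, networks))))

# Constructed sample hops (documentation address ranges), newest hop first.
MSA = ("192.0.2.25", "smtp.isp.example", "smtp.isp.example")
CUSTOMER_PC = ("203.0.113.77", "host-203-0-113-77.dyn.isp.example", "laptop")
ZOMBIE = ("203.0.113.90", "host-203-0-113-90.dyn.isp.example", "pc1234")

VIA_MSA = [MSA, CUSTOMER_PC]  # customer submits through the ISP MSA
DIRECT = [ZOMBIE]             # dynamic client connects straight to the MX

INTERNAL = ["198.51.100.0/24"]                   # own MXes only
TRUSTED_WITH_MSA = INTERNAL + ["192.0.2.25/32"]  # ISP MSA trusted as well

if __name__ == "__main__":
    # Relays-Untrusted view when the ISP MSA is trusted: first hop is the PC.
    print("untrusted, via MSA:", rule_fires(VIA_MSA, TRUSTED_WITH_MSA))
    # Relays-External view: first hop is the MSA itself, which has an FQDN HELO.
    print("external,  via MSA:", rule_fires(VIA_MSA, INTERNAL))
    # A dynamic client talking straight to the MX is caught in both views.
    print("untrusted, direct: ", rule_fires(DIRECT, TRUSTED_WITH_MSA))
    print("external,  direct: ", rule_fires(DIRECT, INTERNAL))
```

When the MSA is not trusted, as in the last message, both lists start at the same hop and the two rule variants behave identically.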