What is the difference between (Suspicious HELO) and (ForgedHELO)?
What measures does ASSP take to distinguish between both?
Mar-30-09 05:27:27 80047-10811 118.167.134.32 aaa@mail2000.com.tw MessageScore is now 5, after adding 5 (Suspicious HELO - contains IP: '193.188.97.210')
Thanks Jeroen, very interesting setup. I'll have to investigate how to
implement the same on my Communigate pro mailserver without forcing
users to change the connection port.
Jeroen van Aart wrote:
GrayHat wrote:
For outbound as example :
user - mailserver - ASSP - same mailserver -
Hi All,
I was able to fix this issue and I'm receiving reports from ASSP fine now.
Here is the workaround I did.
1- On my mailservers, I edited the hosts file (/etc/hosts) and added
this line
10.10.10.10 assp.local (This is the IP of the assp box, assp.local
can be any domain you like)
Forged is when the sending mail server is claiming to be your mail server, so
it would send a HELO with your IP address or domain name. There may be other
things that this can be also but that's the one I see most often.
A suspicious HELO is when the sending mail server is sending localhost in
Fritz, Doug
I tried replacing the 1.5.1.0 assp.pl with the 1.5.1.1 version, and
the problem was not resolved; the same behavior. I then ran the
mod_inst.pl script and re-started assp. This seemed to do the trick.
So, I'm not sure if the new version fixed a bug, or if I was missing a