Hi everyone, I am trying to resolve what I perceive to be a configuration issue, but may indicate an underlying problem: Under what conditions would a HELO check be skipped?
Please take a close look at the following log entries. This is an example of something I have been watching happen increasingly in the past (7) days. The HELO check does not process during the second delayed SMTP session: (watch for wrap) -----[Initial delayed session]----- Nov-20-06 22:34:02 Connected: 219.131.5.49:1305 -> 127.0.0.1:25 -> 127.0.0.1:26 Nov-20-06 22:34:11 219.131.5.49 <[EMAIL PROTECTED]> adding new triplet: (219.131.5.0,[EMAIL PROTECTED],[EMAIL PROTECTED]) Nov-20-06 22:34:11 219.131.5.49 <[EMAIL PROTECTED]> recipient delayed: [EMAIL PROTECTED] Nov-20-06 22:34:17 219.131.5.49 <[EMAIL PROTECTED]> is disconnected -----[Waited 15 minutes, rejected for HELO]----- Nov-20-06 22:49:22 Connected: 219.131.5.49:1378 -> 127.0.0.1:25 -> 127.0.0.1:26 Nov-20-06 22:49:34 219.131.5.49 <[EMAIL PROTECTED]> whitelisting triplet: (219.131.5.0,[EMAIL PROTECTED],[EMAIL PROTECTED]) waited: 15m 23s Nov-20-06 22:49:36 219.131.5.49 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Validate Sender: Invalid HELO Format 'meizu' Nov-20-06 22:49:36 219.131.5.49 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] deleting spamming whitelisted tuplet: (219.131.5.0,kociba.net) age: 2s Nov-20-06 22:49:51 219.131.5.49 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] is disconnected -----[Second delayed session, immeadiately following previous rejection]----- Nov-20-06 22:49:54 Connected: 219.131.5.49:1451 -> 127.0.0.1:25 -> 127.0.0.1:26 Nov-20-06 22:49:56 219.131.5.49 <[EMAIL PROTECTED]> adding new triplet: (219.131.5.0,[EMAIL PROTECTED],[EMAIL PROTECTED]) Nov-20-06 22:49:56 219.131.5.49 <[EMAIL PROTECTED]> recipient delayed: [EMAIL PROTECTED] Nov-20-06 22:49:57 219.131.5.49 <[EMAIL PROTECTED]> is disconnected -----[Waiting 15 minutes, accepted without HELO check]----- Nov-20-06 23:05:03 Connected: 219.131.5.49:1216 -> 127.0.0.1:25 -> 127.0.0.1:26 Nov-20-06 23:05:06 219.131.5.49 <[EMAIL PROTECTED]> whitelisting triplet: (219.131.5.0,[EMAIL PROTECTED],[EMAIL PROTECTED]) waited: 15m 10s Nov-20-06 23:05:08 219.131.5.49 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] passing is safe because testmode, otherwise Bayesian spam Nov-20-06 23:05:08 219.131.5.49 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] spam determined to be safe, passing on to recipient brewer_ -> c:/assp/corpus/normal/spam/16986.eml Nov-20-06 23:05:08 219.131.5.49 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] deleting spamming whitelisted tuplet: (219.131.5.0,kociba.net) age: 2s Nov-20-06 23:05:23 219.131.5.49 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] is disconnected ---------- The second attempt *should* have failed the HELO check also, but didn't. The HELO used was "hjpgere". The same email (from the corpus) fails the Analyzer test for the HELO check. Any thoughts or recommendations would be appreciated. Thanks! ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
