I recently noticed a piece of spam which had made it to my inbox had used my own mail server's IP address as it's HELO.
So I did a little digging in my recent IMail sysMMDD.txt logs and found that the mail server was getting at least a 150 of these every day and that none of them (of course) were ham, and that generally, they were getting held anyway do to the weight of other tests. It's clearly a spammer making a specific effort to evade some kind of antispam defense; anybody know for sure what that defense is? Now I have a specific line in one of my JunkMail Pro text files that checks: HELO 30 IS 127.0.0.1 Where the IP is the external IP of my mail server. My hold weight is 20. Andrew 8) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
