Yes, that's the HELO variable. Your configuration should already be triggering HELOBOGUS on the sample you provided; if you want to be particular about the problem you specified
HELO 1 NOTCONTAINS . would do the trick. You will probably penalize as much spam as ham this way, though. Lots of mailservers are set up without conforming to the best practices we wish everyone would, so you'll see just a hostname, like cc-2, or an internal hostname from an Exchange server or an Active Directory server fully qualified domain name, like cc-2.example.local Andrew 8) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, February 10, 2005 11:15 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] FW: Is there a variable for this Reposting Goran Jovanovic The LAN Shoppe -----Original Message----- From: Goran Jovanovic Sent: Thursday, February 10, 2005 12:01 AM To: 'Declude.JunkMail@declude.com' Subject: Is there a variable for this Hi, Is there a variable for: Received: from cc-2 [216.132.135.170] by ......... The cc-2 in this case. This is the mail server that last touched it. I was wondering if it would be a good idea to query the cc-2 and assign it points if it did not have a "." in it. It is supposed to be a proper name. I have noticed some spam (line this one) comes from servers/workstations that are not configured correctly. Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.