On 2025-04-16 23:29, giova...@paclan.it wrote:
On 4/17/25 3:23 AM, John Hardin wrote:
On Wed, 16 Apr 2025, Giovanni Bechis wrote:

Hi,

__HELO_NOT_RDNS is defined as
header __HELO_NOT_RDNS    X-Spam-Relays-External =~ /^[^\]]+ rdns=(\S+) helo=(?!(?i)\1)\S/

and it hits on FPs.

Apr 16 11:02:44.414 [17868] dbg: rules: ran header rule __HELO_NOT_RDNS ======> got hit: "[ ip=52.100.155.200 rdns=mail-bn7nam10hn2200.outbound.protection.outlook.com helo=N"

It's intended to hit when the HELO isn't the same as the rdns.

Then Microsoft has some rdns issues.
I am going to lower some scores locally until Microsoft fixes their setup.
  Thanks
   Giovanni

Apr 16 11:02:41.469 [17868] dbg: metadata: X-Spam-Relays-External: [ ip=52.100.155.200 rdns=mail-bn7nam10hn2200.outbound.protection.outlook.com helo=NAM10-BN7-obe.outbound.protection.outlook.com by=srv.example.com ident=


helo=NAM10-BN...

does not match

rdns=mail-bn7...


It appears to me to be working as designed.

A failure would be a hit on a header with a *matching* HELO:

helo=mail-bn7nam10hn2200.outbound.protection.outlook.com





__HELO_NOT_RDNS is a powerful rule, but ONLY in conjunction with other conditions. There is nothing wrong with a HELO being different from rDNS; there could be an internal naming convention for networks, while the email traffic exits a gateway with more public naming conventions.

You say you need to lower some scores, but this is probably not related to __HELO_NOT_RDNS.

__HELO_NOT_RDNS is a valuable tool to help detect incorrectly configured servers, as well as specific snowshoe spammers, forgeries and other things.




--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
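
Added example, not part of the thread or of SpamAssassin's own code: a Python port of the rule's regex run over constructed `X-Spam-Relays-External` lines, reproducing the hit from the debug log and three cases that do not hit. The `relay()` helper, the sample values and the shortened field list are assumptions made for illustration.

```python
import re

# Python port of the rule's Perl regex. Perl's mid-pattern (?i) is written as
# the scoped group (?i:\1) because Python rejects a bare (?i) inside a pattern;
# the comparison is still a case-insensitive backreference to the rdns value.
HELO_NOT_RDNS = re.compile(r'^[^\]]+ rdns=(\S+) helo=(?!(?i:\1))\S')


def helo_not_rdns(relays_external):
    """Return the matched text (what the debug log prints) or None."""
    m = HELO_NOT_RDNS.search(relays_external)
    return m.group(0) if m else None


RDNS = "mail-bn7nam10hn2200.outbound.protection.outlook.com"


def relay(rdns, helo):
    # Constructed, shortened relay entry; real metadata carries more fields.
    return f"[ ip=52.100.155.200 rdns={rdns} helo={helo} by=srv.example.com ident= ]"


# Constructed sample inputs.
SAMPLES = {
    # HELO differs from rDNS: the case from the thread, the rule hits.
    "different": relay(RDNS, "NAM10-BN7-obe.outbound.protection.outlook.com"),
    # Same name in another case: the (?i) backreference treats it as equal.
    "same_other_case": relay(RDNS, RDNS.upper()),
    # The lookahead is a prefix test, so a HELO that merely starts with the
    # rDNS name does not hit either.
    "helo_extends_rdns": relay(RDNS, RDNS + ".example"),
    # Empty rdns: (\S+) needs at least one character, so the rule stays silent.
    "no_rdns": relay("", "NAM10-BN7-obe.outbound.protection.outlook.com"),
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name:18} -> {helo_not_rdns(line)!r}")
```

The match ends at `helo=N` because the pattern consumes only one `\S` after the lookahead, which is why the debug line in the thread looks truncated.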
