On Wed, 16 Apr 2025, Giovanni Bechis wrote:
Hi,
__HELO_NOT_RDNS is defined as
header __HELO_NOT_RDNS X-Spam-Relays-External =~ /^[^\]]+ rdns=(\S+) helo=(?!(?i)\1)\S/
and it hits on FPs.
Apr 16 11:02:44.414 [17868] dbg: rules: ran header rule __HELO_NOT_RDNS
======> got hit: "[ ip=52.100.155.200 rdns=mail-bn7nam10hn2200.outbound.protection.outlook.com helo=N"
It's intended to hit when the HELO isn't the same as the rdns.
Apr 16 11:02:41.469 [17868] dbg: metadata: X-Spam-Relays-External: [
ip=52.100.155.200 rdns=mail-bn7nam10hn2200.outbound.protection.outlook.com
helo=NAM10-BN7-obe.outbound.protection.outlook.com by=srv.example.com ident=
helo=NAM10-BN...
does not match
rdns=mail-bn7...
It appears to me to be working as designed.
A failure would be a hit on a header with a *matching* HELO:
helo=mail-bn7nam10hn2200.outbound.protection.outlook.com
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
3 days until the 250th anniversary of The Shot Heard 'Round The World
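
The behaviour discussed in this thread, as an added example that is not part of the original messages or SpamAssassin's own code: a Python port of the rule's pattern, run over the header from the debug log and over constructed variants. Python needs the scoped flag `(?i:\1)` where the Perl rule writes `(?i)\1`; the helper names and the variant headers are assumptions of this example.

```python
import re

# Python port of the rule's pattern (an assumption of this example, not the
# SpamAssassin source). Perl's "(?!(?i)\1)" becomes the scoped "(?!(?i:\1))".
HELO_NOT_RDNS = re.compile(r"^[^\]]+ rdns=(\S+) helo=(?!(?i:\1))\S")


def helo_not_rdns(relays_external: str) -> bool:
    """Return True when the pattern hits the X-Spam-Relays-External value."""
    return HELO_NOT_RDNS.search(relays_external) is not None


def relay(rdns: str, helo: str) -> str:
    """Build a header value in the layout shown in the debug log (constructed)."""
    return (f"[ ip=52.100.155.200 rdns={rdns} helo={helo} "
            "by=srv.example.com ident= ]")


RDNS = "mail-bn7nam10hn2200.outbound.protection.outlook.com"

SAMPLES = {
    "thread header, HELO differs from rDNS":
        relay(RDNS, "NAM10-BN7-obe.outbound.protection.outlook.com"),
    "HELO equals rDNS":
        relay(RDNS, RDNS),
    "HELO equals rDNS except for case":
        relay(RDNS, RDNS.upper()),
    "no rDNS recorded (constructed)":
        relay("", "NAM10-BN7-obe.outbound.protection.outlook.com"),
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(f"{'hit ' if helo_not_rdns(header) else 'miss'}  {label}")
```

The last sample shows that the pattern needs a non-empty `rdns=` value before it compares anything, so a relay entry with no rDNS recorded does not hit.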