In addition to scoring for syntactically invalid Helo like no dots, or numeric without brackets, we look up the Helo name. This allows us to score for syntactically correct names that do not exist. That test caught this:
Received: from citims2.info.citibank.com (citims2.info.citibankcards.com [198.160.96.232]) by
The Helo string "citims2.info.citibank.com" is not a valid hostname, although if you telnet 198.160.96.232 25, that's the name it gives in the banner. Anyway it's only mail claiming to be from a bank with <a ..> links to web pages. Why should we worry? Joseph Brennan Columbia University Information Technology _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
