On Wed, 2006-01-11 at 13:03, Joseph Brennan wrote:
> In addition to scoring for syntactically invalid Helo like no dots,
> or numeric without brackets, we look up the Helo name. This allows
> us to score for syntactically correct names that do not exist.
>
>
> That test caught this:
>
> > Received: from citims2.info.citibank.com
> > (citims2.info.citibankcards.com [198.160.96.232]) by
>
> The Helo string "citims2.info.citibank.com" is not a valid hostname,
> although if you telnet 198.160.96.232 25, that's the name it gives
> in the banner. Anyway it's only mail claiming to be from a bank
> with <a ..> links to web pages. Why should we worry?

I'd expect a lot of that from multi-homed boxes and ones
behind NAT gateways. There's no requirement for mailers
to match the Helo to the interface or for all of its
interfaces to have names in public DNS.
--
Les Mikesell
[EMAIL PROTECTED]
_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
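
The HELO checks described in this thread, combined with the caveat in the reply, as an added example (not code from the thread or from MIMEDefang). The function names, verdict labels and the constructed DNS table are assumptions; the Received line is the one quoted above.

```python
import ipaddress
import re
import socket

# Sendmail-style clause: "from HELO (reverse-dns-name [client-ip])"
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")
# Received line quoted in the thread (folded across two lines).
HEADER = ("Received: from citims2.info.citibank.com\n"
          " (citims2.info.citibankcards.com [198.160.96.232]) by")
# Constructed DNS data so the example runs offline (not real lookups).
FAKE_DNS = {"mail.example.org": {"192.0.2.10"}}

def parse_received(header):
    """Return (helo, rdns_name, client_ip), or None if the clause is absent."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold the header first
    return m.groups() if m else None

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def system_resolver(name):
    """Live lookup: set of addresses, empty when the name does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def fake_resolver(name):
    return FAKE_DNS.get(name.lower().rstrip("."), set())

def classify_helo(helo, client_ip, resolve=system_resolver):
    """Return one verdict label for a HELO string."""
    if helo.startswith("[") and helo.endswith("]"):
        return "ok" if _is_ip(helo[1:-1]) else "bad_address_literal"
    if _is_ip(helo):
        return "numeric_without_brackets"   # syntactically invalid
    if "." not in helo:
        return "no_dots"                    # syntactically invalid
    addrs = resolve(helo)
    if not addrs:
        return "name_does_not_resolve"      # valid syntax, no such name
    # Caveat from the reply: a multi-homed or NAT'd sender may announce a
    # name that resolves to a different interface, so this is not scored.
    return "ok" if client_ip in addrs else "ok_other_interface"

if __name__ == "__main__":
    helo, rdns, ip = parse_received(HEADER)
    print(helo, ip, classify_helo(helo, ip, fake_resolver))
```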