On 29/07/18 11:28, Antony Stone wrote:
> On Sunday 29 July 2018 at 12:17:07, Sebastian Arcus wrote:
>
>> I've been having a number of emails recently from Yahoo and AOL senders
>> hitting the RCVD_NUMERIC_HELO rule. I'm trying to understand what is
>> going on:
>>
>> 1. First off, the rule hits on the EHLO line - which means that it is an
>> authenticated SMTP submission.
>
> Er, what?
>
> No, EHLO simply means "Hello, I'm capable of doing ESMTP".

Thank you - I clearly got that one wrong.

Looking again at it - the 82.132.242.82 is registered as O2/Telefonica wireless broadband. I wonder if this is a 3G/4G connection - which in the UK always has a private IP address - at the mobile phone level. Maybe that's why the confusion - the MUA on the mobile phone thinks it is 10.7.54.227 (which it is), but the Yahoo server can only see the public IP 80.132.242.82, which belongs to the O2 gateway. Could that explain that particular header?



>> After all, if it is EHLO, it probably is an MUA,
>
> No; MTAs also speak E/SMTP to each other, and some of those Received headers
> indicating handover of the mail from one server to another will contain the
> HELO or EHLO greetings.
>
>> 2. Or maybe this is caused by Yahoo's end - in which case would some
>> sort of exception be a good idea?
>
> Yes, I would do that.
>
>> Or maybe I am misunderstanding completely what is going on? I've
>> uploaded a set of headers here: https://pastebin.com/KDV1f0wW
>
> Given that the example you've posted is from a machine with a public IP
> 82.132.242.82, but thinks it has a private IP 10.7.54.227, I'm not entirely
> surprised there is no rDNS set up for the private address.
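
Added example, not part of the thread: a Python sketch that pulls the HELO/EHLO argument and the connecting address out of a Received header and reports when the greeting is a bare private IP while the peer is public, the situation discussed above. The header strings are constructed (they are not the pastebin headers) using the two addresses quoted in the thread; the `(EHLO arg) ([ip])` layout and the function names are assumptions, and this is a simplified stand-in, not SpamAssassin's rule code.

```python
import ipaddress
import re

# Constructed Received headers; only the two IPs in the first one come
# from the thread. Real MTAs format this header in varying ways.
SAMPLE_HEADERS = [
    "from unknown (EHLO 10.7.54.227) ([82.132.242.82]) "
    "by smtp.example.invalid with ESMTPA; Sun, 29 Jul 2018 10:00:00 +0000",
    "from mail.example.org (HELO mail.example.org) ([192.0.2.25]) "
    "by mx.example.invalid with SMTP; Sun, 29 Jul 2018 10:00:05 +0000",
]

# Greeting verb plus its argument, optionally written as an [ip] literal.
GREETING = re.compile(r"\((HELO|EHLO)\s+\[?([^\s\])]+)\]?\)", re.I)
# Address the receiving server actually saw, assumed to appear as ([ip]).
PEER = re.compile(r"\(\[([0-9a-fA-F.:]+)\]\)")


def _as_ip(text):
    """Return an ip_address object, or None if text is a hostname."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def analyse(received):
    """Summarise the greeting recorded in one Received header value."""
    m = GREETING.search(received)
    if not m:
        return None  # no HELO/EHLO recorded in this hop
    helo_ip = _as_ip(m.group(2))
    peer = PEER.search(received)
    peer_ip = _as_ip(peer.group(1)) if peer else None
    return {
        # EHLO vs HELO only tells us ESMTP was spoken, not who the client is.
        "verb": m.group(1).upper(),
        "helo": m.group(2),
        "numeric_helo": helo_ip is not None,
        "peer": str(peer_ip) if peer_ip else None,
        # Client announced a private address but arrived from a public one.
        "behind_nat": bool(helo_ip and peer_ip and helo_ip.is_private
                           and not peer_ip.is_private),
    }


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(analyse(header))
```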
