Kelly Jones writes:
> Spamassassin has lots of tests for fake HELOs. If someone says "HELO
> hotmail.com", but aren't connecting from a Hotmail IP address, they
> get dinged (spam score is increased).
> 
> Recently, someone connected to our server, call it mx.xyz.com, and said
> "HELO mx.xyz.com". Spamassassin didn't ding it for doing this.
> 
> Is there a ruleset that does this? I realize xyz.com couldn't be
> hardcoded (otherwise, it'd be a different ruleset for everyone), but
> is there a generic ruleset that uses a function call or something to
> figure out your MX server (or the name of the machine spamassassin is
> running on) and then ding someone HELO'ing as that?

This is a great spam-sign alright, but I don't know of a way to detect
what the local site's HELO is, bar each site writing their own rules to do
so.

Bayes does a good job of figuring this out, btw.

Any suggestions?

--j.
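
The check discussed in this thread, sketched as an added example (not part of the original messages and not SpamAssassin code): it reads the HELO name and client IP from a Received header and flags a client outside the site's own networks that announces the site's own name. It assumes a Postfix/sendmail-style Received layout; the function names, `LOCAL_NAMES`, `LOCAL_NETS` and the sample headers are constructed for illustration.

```python
import ipaddress
import re
import socket

# Assumed Postfix/sendmail-style layout: "from <helo> (<rdns> [<ip>]) by ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:[^\s\[\]]+\s+)?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]",
    re.IGNORECASE,
)

def default_local_names():
    """Names this machine knows itself by (hypothetical helper)."""
    return {socket.getfqdn(), socket.gethostname()}

def helo_claims_to_be_us(received, local_names, local_nets):
    """True if a client outside local_nets sent one of local_names as HELO."""
    m = RECEIVED_RE.search(received)
    if not m:
        return False  # unrecognised header layout: do not score
    try:
        client = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return False
    if any(client in net for net in local_nets):
        return False  # our own relays may legitimately HELO with our name
    ours = {n.rstrip(".").lower() for n in local_names}
    return m.group("helo").rstrip(".").lower() in ours

# Constructed sample headers (not taken from real mail).
LOCAL_NAMES = {"mx.xyz.com"}
LOCAL_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]
SAMPLES = {
    "forged": "from mx.xyz.com (unknown [203.0.113.45]) by mx.xyz.com (Postfix) with SMTP id 4F2A1",
    "case": "from MX.XYZ.COM. (host.example.net [IPv6:2001:db8::25]) by mx.xyz.com (Postfix)",
    "internal": "from mx.xyz.com (localhost [127.0.0.1]) by mx.xyz.com (Postfix)",
    "honest": "from mail.example.net (mail.example.net [198.51.100.7]) by mx.xyz.com (Postfix)",
}

def flagged_samples():
    return sorted(k for k, v in SAMPLES.items()
                  if helo_claims_to_be_us(v, LOCAL_NAMES, LOCAL_NETS))

if __name__ == "__main__":
    print(flagged_samples())
```

Passing `default_local_names()` instead of `LOCAL_NAMES` uses the name of the machine the check runs on; a site whose MX name differs from its hostname still has to list that name itself.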
