> -----Original Message-----
> From: Andrew Hearn [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 11, 2007 12:04 PM
>
> Hi,
>
> Can anyone explain why this email:
> http://pastebin.ca/811938
> is getting a hit on HELO_DYNAMIC_SPLIT_IP.
>
> I'm seeing a few ham messages being caught by this....
>
> (SpamAssassin version 3.2.3, sa-update)

smtp.aaisp.net.uk maps to two IP addresses (81.187.81.51 and 81.187.81.52).

An outgoing mail server is supposed to announce itself via HELO with its own, specific name, not with a service name (like smtp.etc.etc).

aaisp.net.uk could define the following:

    smtp1   A   81.187.81.51
    smtp2   A   81.187.81.52
    smtp    A   81.187.81.51
            A   81.187.81.52

where the latter name is only suitable for their customers, in order to accept mail to be delivered.

Then, when delivery occurs, the SMTP server should identify itself with its unique name. For example:

    EHLO smtp1.aaisp.net.uk

This also allows defining two different entries in aaisp.net.uk's DNS reverse mappings:

    51   PTR   smtp1.aaisp.net.uk.
    52   PTR   smtp2.aaisp.net.uk.

which may help in better identifying the abused host, whenever it happens.

Giampaolo

>
> Thanks!
>
> Andrew
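
Added example, not part of the original thread and not SpamAssassin's HELO_DYNAMIC_SPLIT_IP rule: an offline check of the naming scheme proposed in the reply, run against a constructed copy of those A and PTR records. The function name check_helo and the finding labels are hypothetical.

```python
# Constructed zone data mirroring the A and PTR records proposed in the reply.
A_RECORDS = {
    "smtp1.aaisp.net.uk": {"81.187.81.51"},
    "smtp2.aaisp.net.uk": {"81.187.81.52"},
    "smtp.aaisp.net.uk": {"81.187.81.51", "81.187.81.52"},  # service name
}
PTR_RECORDS = {
    "81.187.81.51": "smtp1.aaisp.net.uk.",
    "81.187.81.52": "smtp2.aaisp.net.uk.",
}


def normalize(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def check_helo(helo, client_ip, a_records=A_RECORDS, ptr_records=PTR_RECORDS):
    """Return findings (hypothetical labels) for a HELO name seen from client_ip.

    An empty list means the HELO name resolves to exactly the connecting
    address and the address's PTR record points back at the same name.
    """
    helo = normalize(helo)
    findings = []

    addrs = a_records.get(helo, set())
    if not addrs:
        findings.append("helo-unresolvable")
    elif client_ip not in addrs:
        findings.append("helo-forward-mismatch")
    elif len(addrs) > 1:
        # A shared service name cannot tell the receiver which host sent the mail.
        findings.append("helo-not-unique")

    ptr = ptr_records.get(client_ip)
    if ptr is None:
        findings.append("no-ptr")
    elif normalize(ptr) != helo:
        findings.append("ptr-differs-from-helo")
    return findings


if __name__ == "__main__":
    for helo, ip in [("smtp.aaisp.net.uk", "81.187.81.51"),
                     ("smtp1.aaisp.net.uk", "81.187.81.51")]:
        print(helo, ip, check_helo(helo, ip) or "consistent")
```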