Giampaolo Tomassoni wrote: >> -----Original Message----- >> From: Andrew Hearn [mailto:[EMAIL PROTECTED] >> Sent: Tuesday, December 11, 2007 12:04 PM >> >> Hi, >> >> Can anyone explain why this email: >> http://pastebin.ca/811938 >> is getting a hit on HELO_DYNAMIC_SPLIT_IP. >> >> I'm seeing a few ham message being caught by this.... >> >> (SpamAssassin version 3.2.3, sa-update) > > smtp.aaisp.net.uk maps to two IP addresses (81.187.81.51 and 81.187.81.52). > > An outgoing mail server is supposed to announce itself via HELO with its > own, specific name, not with a service name (like smtp.etc.etc). > > aaisp.net.uk could define the following: > > smtp1 A 81.187.81.51 > smtp2 A 81.187.81.52 > smtp A 81.187.81.51 > A 81.187.81.52 > > where the latter name is only suitable to their customers, in order to > accept mail to be delivered. Then, when delivery occurs, the SMTP server > should identify itself with its unique name. Like, in example: > > EHLO smtp1.aaisp.net.uk > > This allows also to define two different entries in aaisp.net.uk's DNS > reverse mappings: > > 51 PTR smtp1.aaisp.net.uk. > 52 PTR smtp2.aaisp.net.uk. > > which may help in better identifying the abused host, whenever it happens. > > Giampaolo >
Thanks for the reply and explanation, I'll look in to this!
