Matus UHLAR - fantomas a écrit : >>> On 19.08.09 00:48, mouss wrote: >>>> The name of the rule is worng, but the result is ok. Instead of >>>> "dynamic", I suggest: "UMO" for "Unidentifiable Mailing Object". whether >>>> static-ip-.... is static or not doesn't matter. a lot of junk comes from >>>> such hosts, and we can't report/complain to a domain, since the domain >>>> is that of the SP (and getting SPs to block abuse sources have proven >>>> vain). > >> Matus UHLAR - fantomas a écrit : >>> I'd be glad to see if there's any difference in percentage of spam from >>> dynamic and static (generic) IP addresses. > >> http://enemieslist.com/news/archives/2009/07/why_we_suspect.html > > it says something very close to nothing. from SA point of view, the ham/spam > ratio is important and that is what I am curious about... > >>> There's also __RDNS_STATIC rule which excludes those "static" from being >>> considered as dynamic. There should be one for HELO rules too - >>> It would make me angry if I got scored more just because my server is >>> properly configured and uses proper helo which is the same as RDNS >>> (some helo checks have higher score than RCVD_HELO_IP_MISMATCH) > > On 19.08.09 09:55, mouss wrote: >> if your PTR is generic, then it is better to set the HELO to a >> "non-generic" value. just make it resolve to the same IP. while it is >> not always possible to set a "custom" rdns, there is no excuse for not >> setting a "meaningful" HELO. > > I wouldn't say so. Automatic helo string is much easier to configure and > requires less work than manual... >
Then helo is useless. but that's not what we are about: if you are smtp.google.com, then I don't care about your helo. but if your PTR is joe-192-1-2-3.example.com, then I am not very open to accept your transaction. if you do an effrot and helo with "flower.example.net", then I'll give you a better treatment. said otherwise: if I reject your mail because you helo with a generic name, don't ever try to complain. first, if you can't get a "custom" rdns, it is _your_ problem. I might listen to you blaming your provider. but if you can't set a "custom" helo, then I won't listen to you at all. for the same reasons, I reject mail hosts helo-ing as "localhost", *.localdomain", "*.arpa", "*.firewall", "*.myfirwall", ... etc. It's more effective to get them fix their helo than ask the whole world to accept the junk. and this is no different than any rule in SA. I find it easier to ask an admin to fix his helo than to tell someone that the message was tagged because "the subject is all caps and foo is bar and bar is foo". > Yes, with current SA setting it may be true. But since we are complaining > about this, this ain't an answer... I block such stuff at smtp transaction. if I get junk from joe-1-2-3-4.domain.tld, I add a rule to block this in helo check. if helo check is not enough, the rule is applied to the PTR.
