On Mon, 25 Jan 2016 15:01:29 +0100
Reindl Harald wrote:

> On 25.01.2016 at 14:41, RW wrote:
> > On Mon, 25 Jan 2016 14:11:30 +0100
> > Reindl Harald wrote:
> >  
> >> there is *no point* in firing a rule on the third Received header
> >> when the HELO is pretty clear "mail1.intellij.net" and matches
> >> PTR/A perfectly too  
> >
> > Of course there's a point. It's intended to detect spam software
> > that's relaying through a real MTA - typically someone else's.  
> 
> no there is no point
> 
> "Received: from unknown (HELO 46.137.93.51) with ESMTPA" is the MTA 
> client (the A is for Authenticated = SASL)

It's not looking for an IP address, it's looking for a bare IP address
which is an RFC violation. An MUA would have got it right, so the ESMTPA
means little in this case.

> >> at least 1.5 points is unacceptable for (in general questionable)
> >> deep header inspection  
> >
> > It works well for me, if you don't like it rescore it  
> 
> it would work well if it only checks its own received header
> 
> Received: from mail1.intellij.net (mail1.intellij.net [46.137.178.215])
> "mail1.intellij.net" is one time for the HELO and one time for the PTR

That's what FSL_HELO_BARE_IP_1 is for. It has a much higher score.
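The distinction argued over in this thread, as an added example that is not part of the original messages and is not SpamAssassin's own rule code: it extracts the HELO from each Received header, flags a bare IPv4 HELO (an unbracketed address literal), and reports whether it appears on the newest hop or deeper in the chain. The headers are constructed; hops 1 and 3 reuse the text quoted above, while hop 2, the `by` clauses and the function names are assumptions.

```python
import re

# Constructed sample, newest hop first. Hops 1 and 3 reuse header text quoted
# in the thread; hop 2 and all "by ..." clauses are made up for illustration.
SAMPLE_RECEIVED = [
    "from mail1.intellij.net (mail1.intellij.net [46.137.178.215]) "
    "by mx.example.org with ESMTP",
    "from relay.example.net (relay.example.net [192.0.2.10]) "
    "by mail1.intellij.net with ESMTP",
    "from unknown (HELO 46.137.93.51) by relay.example.net with ESMTPA",
]

# Four dotted decimal groups with no surrounding brackets.
BARE_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Some MTAs record the HELO as "(HELO x)"; prefer it over the "from" token.
HELO_PAREN = re.compile(r"\(HELO\s+([^\s)]+)\)", re.I)
FROM_TOKEN = re.compile(r"^\s*from\s+(\S+)", re.I)


def helo_of(received):
    """Return the HELO/EHLO argument recorded in one Received header body."""
    m = HELO_PAREN.search(received) or FROM_TOKEN.search(received)
    return m.group(1) if m else None


def is_bare_ip(helo):
    """True for '46.137.93.51'; False for the bracketed literal '[46.137.93.51]'."""
    return bool(helo) and bool(BARE_IPV4.match(helo))


def bare_ip_hops(received_headers):
    """1-based hop numbers (1 = newest header) whose HELO is a bare IPv4."""
    return [i for i, h in enumerate(received_headers, 1)
            if is_bare_ip(helo_of(h))]


def classify(received_headers):
    """'direct' if the newest hop has a bare-IP HELO, 'relayed' if only a
    deeper hop does, 'clean' otherwise."""
    hops = bare_ip_hops(received_headers)
    if 1 in hops:
        return "direct"
    return "relayed" if hops else "clean"


if __name__ == "__main__":
    print(bare_ip_hops(SAMPLE_RECEIVED), classify(SAMPLE_RECEIVED))
```
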
