On Fri, 13 May 2016, Joe Quinn wrote:
SA uses IP-in-name as a machine-decidable definition of a dynamic IP, since you can't really automate it otherwise. This heuristic holds in the vast majority of cases, and is effective against a huge class of spam that comes from public ISPs who don't block port 25.
It fails in this case, so a fix should be implemented if possible.
An ISP's customers are generally going to have hosts like ipXXX-XXX-XXX-XXX.city.region.isp.net, and the name includes their IP because simply being an IP address is that host's purpose. That same ISP's mail servers are going to have hostnames like mail-15.isp.net. It's more specific because the list of mail servers is far smaller than the list of IPs, and this is the 15th of them. The solution is to give your mail servers better hostnames that clue into the narrower scope of their purpose.
This is NOT a practical solution. You can't expect administrators to know about this problem, some styles of hostnames not playing well with SA.
A possible remedy for this specific case would be to add a check if the hostname also contains the strings "webmail[-.]" or "mail[.-]". This fixes this specific case, and possibly other cases. Does anyone know about any hostnames with such string in them that aren't mail servers?
-- Kim Roar Foldøy Hauge Event:Presse - The Gathering 2016 webmas...@samfunnet.no Root@HC,HX,JH,LZ,OT,P,VH
