Some caveats: 1) Bogus Received headers are common but always occur below the last legitimate header (once you find one bogus one the rest are probably junk too), 2) envelope sender (helo_name) is often forged,
Just being pedantic here, but the helo name is not related in any way to the envelope sender.
The HELO or EHLO commands are supposed to be used to identify the name of the mail server making the connection, but is essentially meaningless these days and is just a vestige of a time long forgotten when everyone played nice and gave valid information. Think of it as the SMTP equivilent of an appendix :)
The envelope sender is provied in the MAIL FROM: exchange that happens after the HELO/EHLO exchange. Indeed, _both_ are usually forged by spammers....
Regards, Simon
------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
