I am trying to use SpamAssassin to be on the lookout for incorrect information in the HELO data.
Right now, I've been using Postfix's smtpd_helo_restrictions reject_unknown_hostname option. It really tweaks customers that a misconfigured Exchange server can't email them at all when this is in effect. For me, it rejects massive amounts of viruses and spam. But the sending machines won't give up and keep trying to send and resend the message despite the bounces from our Postfix. So for performance it might be better to quietly accept the message once, then let SpamAssassin do with it as it pleases.

Here is an example where I tested it manually. Note that I put "random" in for the HELO information. Postfix would reject this if the above mentioned option were on.

How does the FORGED_RCVD_HELO work or is there another test that might help here?

TIA, Jason

[EMAIL PROTECTED]:~$ telnet d.mail.midcoast.com 25
Trying 69.39.100.11...
Connected to d.mail.midcoast.com.
Escape character is '^]'.
220 mc1.midcoast.com ESMTP Postfix
EHLO random
250-mc1.midcoast.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250 8BITMIME
MAIL FROM:<[EMAIL PROTECTED]>
250 Ok
RCPT TO:<[EMAIL PROTECTED]>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: testing3

3
.
250 Ok: queued as F15A9EE7A
quit
221 Bye
Connection closed by foreign host.

I get the message:

>From [EMAIL PROTECTED] Fri Nov 21 15:11:18 2003
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from random (sidehack.sat.gweep.net [204.145.148.154])
        by mc1.midcoast.com (Postfix) with ESMTP id F15A9EE7A
        for <[EMAIL PROTECTED]>; Fri, 21 Nov 2003 15:11:06 -0500 +(EST)
Subject: PJM-> testing3
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 21 Nov 2003 15:11:06 -0500 (EST)
From: [EMAIL PROTECTED]
To: undisclosed-recipients:;
X-Spam-Report:
        * 0.3 NO_REAL_NAME From: does not include a real name
        * 3.7 MSGID_FROM_MTA_SHORT Message-Id was added by a relay
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on mc1.midcoast.com
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=4.0 required=4.0 tests=MSGID_FROM_MTA_SHORT,
        NO_REAL_NAME autolearn=no version=2.60
X-Spam-Level: ****
Status: O

3

[EMAIL PROTECTED]:~> grep -v \# /etc/mail/spamassassin/local.cf
report_safe 0
rewrite_subject 1
subject_tag PJM->
score TRACKER_ID 0.0
defang_mime 0
skip_rbl_check 1
use_razor2 0
use_bayes 0
use_pyzor 0
use_dcc 0
score FORGED_RCVD_HELO 3

I use spamd/spamc, and it has been recently restarted.

--
/* Jason Philbrook | Midcoast Internet Solutions - Internet Access,
   KB1IOJ          | Hosting, and TCP-IP Networks for Midcoast Maine
   http://f64.nu/  | http://www.midcoast.com/
*/

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
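
An added illustration, not part of the original post and not SpamAssassin's FORGED_RCVD_HELO code: one way to compare the HELO name with the reverse-DNS name and client address that Postfix records in the Received header shown above. The function names and finding labels are hypothetical, and the example.org / 192.0.2.x headers are constructed samples.

```python
import re

# Postfix records the client as: from <HELO name> (<rDNS name or "unknown"> [<IP>])
RECEIVED_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)

# "post" is the header from the message above; the others are constructed samples.
SAMPLES = {
    "post": "from random (sidehack.sat.gweep.net [204.145.148.154])\n"
            "\tby mc1.midcoast.com (Postfix) with ESMTP id F15A9EE7A",
    "matching": "from mail.example.org (mail.example.org [192.0.2.10]) by mx",
    "no_rdns": "from mail.example.org (unknown [192.0.2.10]) by mx",
    "literal_ok": "from [192.0.2.10] (unknown [192.0.2.10]) by mx",
    "literal_bad": "from [10.0.0.5] (unknown [192.0.2.10]) by mx",
}

def parse_received(value):
    """Return (helo, rdns, ip) from a Postfix-style Received value, or None."""
    m = RECEIVED_RE.match(" ".join(value.split()))  # unfold continuation lines
    return (m["helo"].lower(), m["rdns"].lower(), m["ip"]) if m else None

def helo_findings(value):
    """Return hypothetical finding labels for the HELO in one Received header."""
    parsed = parse_received(value)
    if parsed is None:
        return ["unparsed"]
    helo, rdns, ip = parsed
    if helo.startswith("[") and helo.endswith("]"):
        # Address literal: compare it with the address the client connected from.
        return [] if helo[1:-1] == ip else ["helo_literal_mismatch"]
    findings = []
    if "." not in helo.rstrip("."):
        findings.append("helo_not_fqdn")       # e.g. "random"
    if rdns == "unknown":
        findings.append("no_rdns")             # nothing to compare against
    elif helo.rstrip(".") != rdns.rstrip("."):
        findings.append("helo_rdns_mismatch")
    return findings

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, helo_findings(header))
```

A HELO that differs from the reverse-DNS name also occurs on legitimate but misconfigured servers such as the Exchange hosts mentioned in the post, so findings like these fit a score better than an outright reject.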