Justin Mason wrote:
> Eric A. Hall writes:
>> SA 3.0.2 currently performs a handful of tests against HELO greetings that
>> contain an IP address. These tests don't currently fire when an "address
>> literal" is used in the HELO greeting, but they should.
> actually, that's deliberate -- compare the frequencies of an RFC-2821 address literal, vs. a raw address, and you'll notice that the latter is much more prevalent in spam.
Do you mean it's deliberate to catch this (as a helo ip mismatch):
Received: from unknown (HELO 212.27.42.19) (218.190.234.6)
but not this
Received: from unknown (HELO [212.27.42.19]) (218.190.234.6)
I can see that the latter may hit ham (nat+no hostname). Is this the justification? (hit very few spam but hit some ham?)
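
Added example, not part of the thread and not SpamAssassin's own rule code: a Python sketch that classifies the HELO argument in the two Received lines quoted above as a raw IP, a bracketed address literal, or a hostname, and compares it with the connecting address. The function names and the `include_literals` switch are assumptions made for illustration, and the third sample line is constructed.

```python
import ipaddress
import re

# Received format as quoted in the thread: from <rdns> (HELO <helo>) (<peer-ip>)
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+\S+\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+\((?P<ip>[^)\s]+)\)"
)

def classify_helo(helo):
    """Return (kind, addr): kind is 'raw_ip', 'literal' or 'hostname'."""
    bracketed = helo.startswith("[") and helo.endswith("]")
    try:
        addr = ipaddress.IPv4Address(helo[1:-1] if bracketed else helo)
    except ValueError:
        # Hostnames and IPv6 literals ("[IPv6:...]") land here; IPv4 only.
        return "hostname", None
    return ("literal" if bracketed else "raw_ip"), addr

def helo_ip_mismatch(line, include_literals=False):
    """True if the HELO carries an IPv4 address that differs from the peer.

    include_literals=False models the behaviour described in the thread
    (bracketed literals are skipped); True models the requested change.
    """
    m = RECEIVED_RE.match(line)
    if m is None:
        return False
    kind, helo_addr = classify_helo(m.group("helo"))
    if kind == "hostname" or (kind == "literal" and not include_literals):
        return False
    try:
        peer = ipaddress.IPv4Address(m.group("ip"))
    except ValueError:
        return False
    return helo_addr != peer

SAMPLES = [
    "Received: from unknown (HELO 212.27.42.19) (218.190.234.6)",    # from the thread
    "Received: from unknown (HELO [212.27.42.19]) (218.190.234.6)",  # from the thread
    "Received: from unknown (HELO [192.168.1.10]) (203.0.113.7)",    # constructed: NATed client
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(helo_ip_mismatch(s), helo_ip_mismatch(s, include_literals=True), s)
```

With `include_literals=True` the constructed third line also fires, which is the NAT-without-hostname case the question raises.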