Jim Schueler wrote on Monday, June 13, 2005 1138
> I should have been more specific in my original request. The stock rule to > detect HELO forgery is exactly what I'm looking for. Am new to SA so I don't know how these tests really work or why none were displayed in your spample. But here are the HELO forgery rules that may relate: FAKE_HELO_MSN, MAIL_COM, EMAIL_COM, EUDORAMAIL, EXCITE, LYCOS, YAHOO_CA, and MAIL_COM_DOM. HELO_DYNAMIC_IPADDR, DHCP, HCC, ATTBI, ROGERS, ADELPHIA, DIALIN, HEXIP, SPLIT_IP, YAHOOBB, OOL, IPADDR2, RR2, COMCAST, TELIA, VTR, CHELLO_NO, CHELLO_NL, VELOX, NTL, and HOME_NL. FORGED_RCVD_HELO RCVD_HELO_IP_MISMATCH RCVD_NUMERIC_HELO RCVD_FAKE_HELO_DOTCOM NO_RDNS_DOTCOM_HELO These tests are described on the wiki at http://spamassassin.apache.org/tests_3_0_x.html. I cooked up an Excel spreadsheet for easier sorting and organizing, and can send it to you off-list if you want. HTH, Sean Sowell www.twin-dad.com
