On 04.09.07 16:26, Dan Fulbright wrote:
> Thank you for the replies, however, I think I'll restate my own
> question. Why are there so many rules that seem to check for the same
> thing?

I can't fully answer that, however HELO string is not reverse DNS.

> I'm seeing this more and more often. xo.net seems to be a
> common domain that uses hostnames like this to send mail. I feel like
> the right thing to do would be to tell the sender to get a better
> reverse DNS, but that just isn't feasible.
>
> Received: from 1.2.3.4.ptr.us.xo.net [1.2.3.4] by mail4.example2.com with
> SMTP;
> Tue, 4 Sep 2007 12:10:07 -0500

Imho, if HELO string matches reverse DNS (or IP, if revdns does not exist),
only one score should apply. If revdns looks dynamic and host is already in
dynamic addr blacklists (like sorbs DUL), only one should apply. Both can be
done by negative virtual scores...

This would save us from too high, just because revdns looks dynamic AND
blacklist just CONFIRMS it's dynamic.

I work at an ISP, and I registered our dynamic ranges with maps, sorbs and
njabl more than once, just to allow people reject/filter. Some of our
customers still don't use SMTP auth (although we recommend using it, we
don't require it yet) and they get scored. I know that RBLs aren't checked
when connecting IP is in trusted_networks, but does this apply to HELO_*?

> Is anyone familiar with xo.net? If so, do you know why I am seeing so
> many messages from hostnames that look like this? Are these dynamic or
> static IP addresses?

afaik that kind of generic DNS is considered dynamic unless it contains
a string indicating it's static. Sorbs has the same rule and I agree with it...

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
LSD will make your ECS screen display 16.7 million colors
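Added example, not part of the original message and not SpamAssassin's own code: a Python sketch of the two ideas in the reply above, namely treating an IP-derived hostname as dynamic unless it contains a string hinting at a static assignment, and cancelling the double count with a negative score when a dynamic-address blocklist only confirms that heuristic. The rule names, scores and static keyword list are assumptions constructed for illustration, and the blocklist result is passed in as a flag so the code runs offline.

```python
import re

# Hypothetical rule names and scores, constructed for this example.
SCORES = {"RDNS_LOOKS_DYNAMIC": 1.0, "IN_DUL_LIST": 2.0}
STATIC_HINTS = ("static", "fixed")  # assumed markers of a static assignment
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Header taken from the quoted message (placeholder address 1.2.3.4).
SAMPLE = ("Received: from 1.2.3.4.ptr.us.xo.net [1.2.3.4] "
          "by mail4.example2.com with SMTP;")


def parse_received(header):
    """Return (hostname, ip) from a 'from host [ip]' Received header, or None."""
    m = RECEIVED_RE.search(header)
    return (m.group(1).lower(), m.group(2)) if m else None


def embeds_ip(hostname, ip):
    """True if the IP's octets appear in order (or reversed) in the hostname."""
    octets = [int(o) for o in ip.split(".")]
    nums = [int(n) for n in re.findall(r"\d+", hostname)]
    windows = [nums[i:i + 4] for i in range(len(nums) - 3)]
    return octets in windows or octets[::-1] in windows


def looks_dynamic(hostname, ip):
    """Generic IP-derived name with no label hinting at a static assignment."""
    labels = re.split(r"[.-]", hostname)
    if any(hint in label for label in labels for hint in STATIC_HINTS):
        return False
    return embeds_ip(hostname, ip)


def total_score(hostname, ip, in_dul):
    """Sum rule scores, cancelling the overlap when both rules say 'dynamic'."""
    hits = {}
    if looks_dynamic(hostname, ip):
        hits["RDNS_LOOKS_DYNAMIC"] = SCORES["RDNS_LOOKS_DYNAMIC"]
    if in_dul:
        hits["IN_DUL_LIST"] = SCORES["IN_DUL_LIST"]
    if len(hits) == 2:
        # Negative "virtual" score: the blocklist only confirms the hostname
        # heuristic, so only the larger of the two scores is kept.
        hits["DYNAMIC_OVERLAP"] = -min(hits.values())
    return sum(hits.values()), hits


if __name__ == "__main__":
    host, ip = parse_received(SAMPLE)
    print(total_score(host, ip, in_dul=True))
```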