On Saturday, February 21, 2009, 9:06:10 AM, Michael Scheidell wrote:
> (well, lots of them do, someone send blackberry a copy of the RFC's?)

> one of our users keeps blocking emails from blackberry users due to this:
> blackberry server does a 'helo 67.223.83.81' in violation of RFC's (when
> it should at LEAST do a helo [67.223.83.81])
> Spamassassin scores (correctly) this as 'RCVD_NUMERIC_HELO' as it really
> IS an invalid helo.

> I have seen a lot of strange things blackberry does, including going for
> the highest mx record FIRST (every time), when several lower mx record
> servers are available and idle, strange DNS stuff, mashing and munging
> of headers.

> if this had been sent to a system that checks RFC's carefully, and drops
> ignorant servers on the floor it would not even have gotten in.

> received:from 67.223.83.81 ([67.223.83.81]) by
> 2k3exchange.local ([192.168.1.3]) with Microsoft Exchange
> Server HTTP-DAV ; Fri, 20 Feb 2009 22:33:48 +0000
> x-rim-org-msg-ref-id:1281710162



Hi Mike,
I brought this to Chris Lewis and he asked me to forward a
response to you:


"Hi Mike, it's been a looonnnng time.

These IPs don't appear to be really HELO'ing that way.

This appears to be more an artifact of a rather warped SExchange 
HTTP-DAV injector (.local TLDs?  Oh geeze), rather than anything that 
blackberry.com actually says in SMTP.  In other words, I don't think 
this represents a SMTP conversation, it was DAV.

Given the SExchange borkeness, it's entirely appropriate that SA would 
penalize the score of these emails.  Not because blackberry.com is doing 
something wrong (because it doesn't appear to be), but because this 
specific SExchange gateway is doing its best to impersonate a 
header-randomizing bot."



Jeff C.
-- 
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
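
The distinction drawn in this thread, as an added example (not code from either poster and not SpamAssassin's rule): a Received line is only evidence of a numeric HELO when its "with" clause names an SMTP-family transport. The function name, regexes and the second sample header are assumptions made for illustration.

```python
import re

# Constructed sample input: DAV_HOP is the header quoted in the thread,
# unfolded onto one line; SMTP_HOP is a made-up SMTP hop that uses
# documentation addresses, added for comparison.
DAV_HOP = ("from 67.223.83.81 ([67.223.83.81]) by 2k3exchange.local "
           "([192.168.1.3]) with Microsoft Exchange Server HTTP-DAV ; "
           "Fri, 20 Feb 2009 22:33:48 +0000")
SMTP_HOP = ("from 192.0.2.10 (unknown [192.0.2.10]) by mx.example.org "
            "with ESMTP id ABC123; Fri, 20 Feb 2009 22:33:48 +0000")

RECEIVED_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s.*?\bby\s+(?P<by>\S+)"
    r"(?:.*?\bwith\s+(?P<with>[^;]+?))?\s*;", re.I)
BARE_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
LITERAL_IPV4 = re.compile(r"^\[\d{1,3}(?:\.\d{1,3}){3}\]$")
# "with" values that indicate an SMTP-family hop (SMTP, ESMTP, ESMTPS, LMTP, ...)
SMTP_WITH = re.compile(r"^(?:E?SMTP|LMTP|UTF8SMTP)[A-Z]*\b", re.I)


def classify_hop(received):
    """Return (helo_form, is_smtp_hop, numeric_helo_is_evidence)."""
    # Collapse folding whitespace so a multi-line header parses as one line.
    m = RECEIVED_RE.match(" ".join(received.split()))
    if not m:
        return ("unparsed", False, False)
    helo = m.group("helo")
    if BARE_IPV4.match(helo):
        form = "bare-ip"            # e.g. 'helo 67.223.83.81'
    elif LITERAL_IPV4.match(helo):
        form = "address-literal"    # e.g. 'helo [67.223.83.81]'
    else:
        form = "hostname"
    via = (m.group("with") or "").strip()
    is_smtp = bool(SMTP_WITH.match(via))
    # A bare IP after "from" only reflects a HELO if the hop was SMTP at all.
    return (form, is_smtp, form == "bare-ip" and is_smtp)


if __name__ == "__main__":
    for hop in (DAV_HOP, SMTP_HOP):
        print(classify_hop(hop))
```

For the quoted header the hop is not SMTP, so the bare IP after "from" is whatever the HTTP-DAV injector wrote rather than a recorded HELO.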
