On 02.06.09 17:01, fchan wrote: > I recently was checking on servers that were sending out spam and found > one of them had the hostname called "localhost" which I think is a > attempt to bypass SA. The IP address is 222.252.188.181 which maps back > to Vietnam. > Also I found that a large percentage of my spam comes from Brazil and I > checking of anyone noticed this also.
181.188.252.222.in-addr.arpa domain name pointer localhost. That is why FcRDNS is being used everywhere... localhost has address 127.0.0.1 => fail. if anyone uses reverse DNS name without forward-confirming it, it's their own fault and they can take all consequencies from such stupid setup. afaik some reverse-checking services are more strict about invalid than about nonexisting hostnames. And I recommend to behave like that. SA (usually) uses hostname passed by MTA, so if an MTA is affected by this bug, blame MTA, not SA. And I'm not sure if the hostname is used by any checks that would cause positive (oor lower negative) score. Maybe SPF, I expect someone to comment on this... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "One World. One Web. One Program." - Microsoft promotional advertisement "Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
