On Fri, 20 Nov 2009, Michael Scheidell wrote:
>
> spf passes, but sendmail is telling you the FWD and RDNS don't match the
> helo string.
>
> from 123greetings.biz (listserv12.123greetings.biz [66.70.117.101]
>
>
> host 66.70.117.101
> 101.117.70.66.in-addr.arpa domain name pointer listserv12.123greetings.biz.
> mx2.secnap.com.ionspam.net# host listserv12.123greetings.biz
> listserv12.123greetings.biz has address 66.70.117.94
> listserv12.123greetings.biz has address 66.70.117.92
> listserv12.123greetings.biz has address 66.70.117.93
> listserv12.123greetings.biz has address 66.70.117.91
> listserv12.123greetings.biz has address 66.70.117.90
Actually to be pedandic, the "(may be forged)" label doesn't
say anything about the helo string, it just means that the FWD and RDNS
don't match for the IP address of the sending machine. This means
that the ISP's DNS service for that host/ip-addr aren't correct
(or somebody's trying to pull a forgery but in this particular
case SPF disproves that suspicion).
This has ramifications for things such as "whitelist_from_rcvd"
but SPF can work with out it.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
