Re: understanding HELO_DYNAMIC_IPADDR

Fri, 13 May 2016 11:05:42 -0700

SA uses IP-in-name as a machine-decidable definition of a dynamic IP, since you can't really automate it otherwise. This heuristic holds in the vast majority of cases, and is effective against a huge class of spam that comes from public ISPs who don't block port 25.
An ISP's customers are generally going to have hosts like ipXXX-XXX-XXX-XXX.city.region.isp.net, and the name includes their IP because simply being an IP address is that host's purpose. That same ISP's mail servers are going to have hostnames like mail-15.isp.net. It's more specific because the list of mail servers is far smaller than the list of IPs, and this is the 15th of them. 


The solution is to give your mail servers better hostnames that clue 
into the narrower scope of their purpose.


On 5/13/2016 12:42 PM, Robert Boyl wrote:

Thanks a lot for your answer, sorry for confusion.


But why add such a high score of 3,24 just before the host that sent 
my server mail is webmail-201.76.63.163.ig.com.br 
<http://webmail-201.76.63.163.ig.com.br> ?



Its considered a dynamic IP? It isnt, its IGs server sending mail to 
our server.


Can I ask Spamassassin folks to improve this?

Thanks


2016-05-01 11:06 GMT-03:00 RW <rwmailli...@googlemail.com 
<mailto:rwmailli...@googlemail.com>>:


    On Sun, 1 May 2016 10:20:09 -0300
    Robert Boyl wrote:

    > Hi, everyone
    >
    > Ive seen some discussion in Spamassassin's bugzilla about this
    > HELO_DYNAMIC_IPADDR rule, some unanswered over years.
    >
    > It says in description: # (require an alpha first, as legit
    > HELO'ing-as-IP-address is hit otherwise)
    >
    > Is it talking about the host that first appears, that sent the email
    > authenticated to his ISP or the host/ISP that delivers to our
    server?

    The latter.

    > This is the host that delivered mail to my ISP:
    >
    > Received: from webmail-201.76.63.163.ig.com.br
    <http://webmail-201.76.63.163.ig.com.br> (
    > webmail-201.76.63.163.ig.com.br
    <http://webmail-201.76.63.163.ig.com.br> [201.76.63.163
    <tel:%5B201.76.63.163>]) by mx3.myisp.com <http://mx3.myisp.com> with
    > ESMTP id rDrGtcYe1PdHDBfh; Wed, 06 Apr 2016 09:02:10 -0400 (EDT)
    > X-Barracuda-Envelope-From: some-sen...@ig.com.br
    <mailto:some-sen...@ig.com.br>
    >

    > I dont understand, since IMHO it shouldnt matter the host that sent
    > mail to its ISP, if its dynamic or not. IMHO what should matter is
    > the ISP sending mail to our ISP and in that case, the host does NOT
    > start with a number.

    It not about whether it start with number.  The comment you quoted is
    "require an alpha first", and alpha means a letter.


    webmail-201.76.63.163.ig.com.br
    <http://webmail-201.76.63.163.ig.com.br> starts with a letter and
    contains an IP
    address.


























					Reply via email to