On Mon, 4 Apr 2005, Ron McKeating wrote:
> We have a complain because we rejected an email that looked like a
> forged hello, here is our log entry
>
> 2005-04-02 16:02:44 H=mail1.gov.im (KEWAIGUE.mailsec) [217.23.170.232]
> rejected EHLO or HELO kewaigue.mailsec: Forged HELO: constructed by
> viruses KEWAIGUE.mailsec
You are being unusually strict so I'm not surprised that it's causing
trouble. Although there's a lot of milage in HELO heuristics, there's also
a very high probablility of false positives the more clever you try to be.
It would probably be better to implement this kind of test as a
SpamAssassin rule.
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
