On Mon, 2005-04-04 at 12:14 +0100, Tony Finch wrote:
> On Mon, 4 Apr 2005, Ron McKeating wrote:
>
> > We have a complain because we rejected an email that looked like a
> > forged hello, here is our log entry
> >
> > 2005-04-02 16:02:44 H=mail1.gov.im (KEWAIGUE.mailsec) [217.23.170.232]
> > rejected EHLO or HELO kewaigue.mailsec: Forged HELO: constructed by
> > viruses KEWAIGUE.mailsec
>
> You are being unusually strict so I'm not surprised that it's causing
> trouble. Although there's a lot of milage in HELO heuristics, there's also
> a very high probablility of false positives the more clever you try to be.
> It would probably be better to implement this kind of test as a
> SpamAssassin rule.
>
Well we have been doing it for a long time, and this is the first
complaint we have had. A spamassassin rule you say, now that sounds
good, anybody done this already to save the re-invention of wheels.
Ron
> Tony.
> --
> <fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
> N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
> \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
>
--
Ron McKeating
Senior IT Services Specialist
Computing Services
Loughborough University
01509 222329
