Networking

  • Scoring PTR's

    1 answer - 2126 bytes

    Guys, if my mail server announces itself as mail.somename.com and has a
    PTR that matches, I can send mail out as someone (AT) somename (DOT) com or
    someone (AT) anothername (DOT) com as long as the MX record for the domain
    "anothername.com" reads as "mail.somename.com".
    The original question was how do I write a header rule similar to
    below, to identify if the announce name and PTR name do not match?
    header LCAL_INVALID_PTR2 Received =~ /from \S+ \(unknown /
    thanks,
    Robert
    Peace he would say instead of goodbye, peace my brother.
    Message
    From: hamann.w (AT) t-online (DOT) de [mailto:hamann.w (AT) t-online (DOT) de]
    Sent: Thursday, 19, 2006 4:05 PM
    To: users (AT) spamassassin (DOT) apache.org
    Subject: RE: Scoring PTR's

    >
    >*cirencester.co.uk*(*c204131.adsl.hansenet.de*[213.39.204.131])
    >
    >Clearly, the PTR used here indicates a dynamic IP address. That may prompt
    >an immediate reaction. But Richard gave a good example:
    >
    >Received: from mail.apache.org (hermes.apache.org [209.237.227.199])
    >
    >There is really nothing score-worthy about that (spam-wise).
    >
    >Your example, btw, on my server would be REJECT-ed for another reason,
    >though:
    >
    >Go away, spammer! [213.39.204.131]: "United Kingdom" [.uk HEL] !=
    >"Germany" [.de PTR]"
    >
    >In the strictest sense, I'm not allowed to do that, either. But my
    >rationale is, that the connecting host's HEL is perpetrating a lie here
    >that under any reasonable circumstance is just irreconcilable with the
    >PTR (the MTA simply cannot be in both countries at the same time).
    >
    >- Mark
    >
    >

    Wouldn't it be possible for a .de hosting company to host a .uk domain or
    vice versa?
    Of course I would not like to be hosted on an adsl link but that is a
    different story
    Wolfgang Hamann
  • No.1 | 1305 bytes

    Robert Swan wrote:
    >Guys, if my mail server announces itself as mail.somename.com and has a
    >PTR that matches, I can send mail out as someone (AT) somename (DOT) com or
    >someone (AT) anothername (DOT) com as long as the MX record for the domain
    >"anothername.com" reads as "mail.somename.com".
    >
    >The original question was how do I write a header rule similar to
    >below, to identify if the announce name and PTR name do not match?
    >
    >header LCAL_INVALID_PTR2 Received =~ /from \S+ \(unknown /

    Doesn't sendmail usually insert the phrase "claiming to be
    some.other.host" in these situations? For instance,

    Received: from exchange.fccj.edu(207.203.47.99), claiming to be
    "fccj-sbm-03.fccj.org"

    Unfortunately a quick grep for 'claiming to' in my mail spool shows
    dozens of perfectly legitimate mail servers that result in a "claiming"
    header, like the one above.

    The only one of these cases that I score is "claiming to be localhost"
    which gets 3 points here. They're nearly always spams though they're
    usually tagged by other rules. A quick grep of my logs shows that the
    lowest SA score received by a message that claims to be localhost is
    about 10 (including the 3 points for this rule).

    Peter
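
The comparison discussed in this thread, as an added example that is not part of the original posts or of SpamAssassin: it parses the two Received formats quoted above and labels the HELO/PTR relationship. The label names, the two-letter-TLD approximation of Mark's country check, and the headers marked as constructed are assumptions of this example.

```python
import re

# Postfix-style stamp: "from HELO (PTR [IP])"; PTR is "unknown" when rDNS fails.
PAREN = re.compile(r"from\s+(?P<helo>[^\s(]+)\s*\((?P<ptr>[^\s\[]+)\s*\[(?P<ip>[^\]]+)\]\)")
# Style quoted in Peter's reply: 'from PTR(IP), claiming to be "HELO"'.
CLAIM = re.compile(r'from\s+(?P<ptr>[^\s(]+)\((?P<ip>[^)]+)\),\s*claiming to be\s+"(?P<helo>[^"]+)"')

def parse_received(header):
    """Return (helo, ptr, ip) from one Received header, or None if unrecognised."""
    text = " ".join(header.split())          # unfold continuation lines
    m = CLAIM.search(text) or PAREN.search(text)
    if m is None:
        return None
    return m["helo"].lower().rstrip("."), m["ptr"].lower().rstrip("."), m["ip"]

def classify(header):
    """Label the HELO/PTR relationship (label names are this example's own)."""
    parsed = parse_received(header)
    if parsed is None:
        return "unparsed"
    helo, ptr, _ip = parsed
    if helo in ("localhost", "localhost.localdomain"):
        return "helo-localhost"              # the one case Peter scores
    if ptr == "unknown":
        return "no-ptr"                      # what LCAL_INVALID_PTR2 looks for
    if helo == ptr:
        return "match"
    helo_tld, ptr_tld = helo.rsplit(".", 1)[-1], ptr.rsplit(".", 1)[-1]
    # Assumption: two-letter TLDs are country codes, approximating Mark's check.
    if len(helo_tld) == 2 and len(ptr_tld) == 2 and helo_tld != ptr_tld:
        return "country-mismatch"
    return "name-mismatch"                   # seen on many legitimate servers

SAMPLES = [
    # First three come from the thread (second one normalised); rest are constructed.
    "Received: from mail.apache.org (hermes.apache.org [209.237.227.199])",
    "Received: from cirencester.co.uk (c204131.adsl.hansenet.de [213.39.204.131])",
    'Received: from exchange.fccj.edu(207.203.47.99), claiming to be\n    "fccj-sbm-03.fccj.org"',
    "Received: from mail.example.com (unknown [192.0.2.10])",
    'Received: from host.example.net(198.51.100.7), claiming to be "localhost"',
    "Received: from mx.example.org (mx.example.org [192.0.2.25])",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):17} {' '.join(sample.split())}")
```

Both legitimate servers quoted in the thread come out as `name-mismatch`, which is why a plain HELO-versus-PTR inequality makes a poor scoring rule on its own.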
