[GLLUG] SMTP HELO/Spam Question

Marshal Newrock marshal at simons-rock.edu
Thu Sep 30 09:23:33 EDT 2004


On Thu, 30 Sep 2004, Brad Fears wrote:

> We have a qmail smtp implementation for our outgoing mail, which has been
> working very well for more than a year now.  However, I sent an email to
> myself last evening and noticed that it went straight to my spam folder
> (à la spamassassin).  Upon investigation, I found the reason to be that the
> dial up connection I was using through MSU was listed in SORBS, DYNABLOCK,
> DSBL, etc.
>
> I checked the email headers, and the HELO command from the SMTP server
> reflected the local dialup IP address rather than that of the mail server
> sending the mail.  I sent a test message from Hotmail to see the results
> of the HELO command again, and it reflected "hotmail.com" rather than my
> dialup IP, which (I assume) is the reason that spamassassin lets it go
> right through.  Does anyone know how to configure qmail-smtpd so it will
> send my mail server's IP rather than my dialup IP?  I have relaying
> limited to localhost for Squirrelmail, if that has anything to do with it.

The DNSBLs don't block on HELO names, as you can put whatever you'd like
for it, and spammers do.  Frequently, they put in the hostname or IP of
your mail server.  Instead, the IP of the connecting machine is checked
against the DNSBLs.  spamassassin probably looks at Received header lines
and queries the blacklists.

At least some of the blacklists simply keep track of dialup ranges, and
block solely based on that.  You could stop using the dialup lists or give
them a lower point value, or whitelist your own IP range.  You could
whitelist by From address or HELO name, but that is very susceptible to
forgery.

-- 
Sometimes the garbage disposal gods demand a spoon
()  The ASCII Ribbon Campaign against HTML Email,
/\  vCards, and proprietary formats.
  http://www.georgedillon.com/web/html_email_is_evil.shtml
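
The lookup described in the reply above, as an added example that is not part of the original thread: take the connecting IP a qmail-style Received line records (not the HELO string), reverse its octets under a DNSBL zone, and skip the query for whitelisted ranges. The zone name dul.dnsbl.example, the sample header and all function names are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample: the HELO claims to be a mail server, but the address the
# receiving MTA recorded from the TCP connection is 192.0.2.45 (RFC 5737 range).
SAMPLE_RECEIVED = (
    "Received: from unknown (HELO mail.example.org) (192.0.2.45)\n"
    "  by mx.example.net with SMTP; 30 Sep 2004 09:20:11 -0400"
)

def connecting_ip(received):
    """Return the peer IP written by the receiving MTA, ignoring the HELO name."""
    # Only a parenthesised or bracketed dotted quad counts; "(HELO ...)" never
    # matches, even when the client sent an IP address as its HELO.
    m = re.search(r"[\(\[](\d{1,3}(?:\.\d{1,3}){3})[\)\]]", received)
    return ipaddress.IPv4Address(m.group(1)) if m else None

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed octets followed by the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def system_resolver(name):
    """Resolve an A record; None means NXDOMAIN, i.e. the IP is not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check(received, zones, trusted=(), resolve=system_resolver):
    """Return {zone: answer} for every list that has the connecting IP."""
    ip = connecting_ip(received)
    if ip is None:
        return {}
    # Whitelisting by IP range: trusted networks are never queried.
    if any(ip in ipaddress.ip_network(net) for net in trusted):
        return {}
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # Listed addresses answer with a 127.0.0.0/8 return code.
        if answer and answer.startswith("127."):
            hits[zone] = answer
    return hits

if __name__ == "__main__":
    print(dnsbl_name(connecting_ip(SAMPLE_RECEIVED), "dul.dnsbl.example"))
```
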

