Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-13 23:57 UTC

Message

HELO not "%d" misfires too often

2014-08-29 by Jim Klimov

A while ago I was suggested to use 'helo not "%d"' constructs
to verify if DNS PTR and HELO names of a remote relay agree.
Unfortunately, either I do something wrong, or it misfires
too often. With a config snippet like this:

racl continue \
     not helo "%d" \
     set $dnsscore+=10 \
     log "(%i SP:+10) %P{conninfo}: Malformed HELO (HELO '%h' does not 
match reverse DNS '%d')" \
     set $msgDNS="Malformed HELO (HELO '%h' does not match reverse DNS 
'%d')"


... I often see logs like these, which (seem to) mention the
same string in both HELO and DNSPTR parts:

Aug 29 01:06:14 dao.virt.cos.ru milter-greylist: [ID 536703 mail.info] 
(216.227.218.80 SP:+10) IP:'216.227.218.80' DOMAIN:'joy.lunarbreeze.com' 
HELO:'joy.lunarbreeze.com' FROM:'gVIwyErHMkoOi@...' 
RCPT:'bugaev@...': Malformed HELO (HELO 'joy.lunarbreeze.com' does 
not match reverse DNS 'joy.lunarbreeze.com')

...and I can't find any mismatches in real DNS (perhaps dot-ended
names, etc.) Any ideas on debugging this issue?
NOTE: Okay, the example above is a spammer example, but I have
such issues with big-name providers as well which are unlikely to
be lax in their DNS setups. Their logs rolled off-screen at the
moment ;(


..These are possibly more reasonable "mismatches", as far as
case-sensitivity might be concerned (although not really
relevant for DNS):

Aug 29 04:57:51 dao sendmail[19426]: [ID 801593 mail.notice] 
s7O0vmQv019426: MGL-TEMPFAIL-DNS-120: DNScheck: likely spam-source; 
repost from registered SMTP server, or contact 
bypass-antispam@.... Malformed HELO (HELO 
'DUB004-OMC1S3.hotmail.com' does not match reverse DNS 
'dub004-omc1s3.hotmail.com') SPF pass


...And these are proper hits that the rule is made for:

Aug 29 00:38:09 relay-mta milter-greylist: [ID 354941 mail.info] 
(89.240.10.108 SP:+10) IP:'89.240.10.108' 
DOMAIN:'host-89-240-10-108.static.as13285.net' 
HELO:'mail.netcellsolutions.com' FROM:'gzivhsom@...' 
RCPT:'hel@...': Malformed HELO (HELO 'mail.netcellsolutions.com' does 
not match reverse DNS 'host-89-240-10-108.static.as13285.net')



Thanks,
Jim Klimov

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.