SPAM = valid_helo_domain = helo is valid!?

This is the area for a general support questions, discussions and information that you can read and share. Post your experiences, stats and tricks and tips that are not covered elsewhere. Remember, for questions please search the FAQ first, as your question may already be answered.

Moderators: wizard, magicspam

Post Reply
psmartin
Posts: 2
Joined: Thu Sep 03, 2009 6:30 am

SPAM = valid_helo_domain = helo is valid!?

Post by psmartin » Fri Oct 02, 2009 8:04 am

2009-10-01 13:30:47 magicspam-plesk[24800]: SPAM[valid_helo_domain]: mua=0,ip=[24.177.26.214:mail.wtrj.org],helo=<WTRJ_EX_02.wtrj.org>,from=<carriert@WTRJ.org>,rcpt=<susan.reilly@westwoodpharmacy.com>

Is there any explanation on why this would have occured? WTRJ_EX_02.wtrj.org exists in DNS...

magicspam
Posts: 1553
Joined: Tue Oct 28, 2008 2:27 pm

Re: SPAM = valid_helo_domain = helo is valid!?

Post by magicspam » Fri Oct 02, 2009 9:04 am

Hello psmartin,

Are you sure that HELO resolves in DNS? It is confirmed as not resolving on our side, and I would be surprised if it did in any public DNS space as it does not appear to be using proper encoding for the hostname part.

The valid_helo_domain rule operates based on the principle of ARPANET naming conventions for DNS hosts as follows:
It derives from the original ARPANET rules for the
naming of hosts (i.e., the "hostname" rule) and is perhaps better
described as the "LDH rule", after the characters that it permits.
The LDH rule, as updated, provides that the labels (words or strings
separated by periods) that make up a domain name must consist of only
the ASCII [ASCII] alphabetic and numeric characters, plus the hyphen.
No other symbols or punctuation characters are permitted, nor is
blank space. If the hyphen is used, it is not permitted to appear at
either the beginning or end of a label. There is an additional rule
that essentially requires that top-level domain names not be all-
numeric.
So, in this particular case, the host name 'wtrj_ex_02' violates this rule through the use of the underscore character which is NOT part of the approved character set for public DNS host records.

We should point out as well that the hostname does not resolve against wtrj.org 's registered name servers either when queried directly.
-- MagicSpam Support Team --

Post Reply

Return to “General Discussions and Support Questions”

Who is online

Users browsing this forum: No registered users and 24 guests