SPAM = valid_helo_domain = helo is valid!?

Posted: Fri Oct 02, 2009 8:04 am
by psmartin
2009-10-01 13:30:47 magicspam-plesk[24800]: SPAM[valid_helo_domain]: mua=0,ip=[24.177.26.214:mail.wtrj.org],helo=<WTRJ_EX_02.wtrj.org>,from=<carriert@WTRJ.org>,rcpt=<susan.reilly@westwoodpharmacy.com>

Is there any explanation on why this would have occurred? WTRJ_EX_02.wtrj.org exists in DNS...

Re: SPAM = valid_helo_domain = helo is valid!?

Posted: Fri Oct 02, 2009 9:04 am
by magicspam
Hello psmartin,

Are you sure that HELO resolves in DNS? It is confirmed as not resolving on our side, and I would be surprised if it did in any public DNS space as it does not appear to be using proper encoding for the hostname part.

The valid_helo_domain rule operates based on the principle of ARPANET naming conventions for DNS hosts as follows:
It derives from the original ARPANET rules for the naming of hosts (i.e., the "hostname" rule) and is perhaps better described as the "LDH rule", after the characters that it permits. The LDH rule, as updated, provides that the labels (words or strings separated by periods) that make up a domain name must consist of only the ASCII [ASCII] alphabetic and numeric characters, plus the hyphen. No other symbols or punctuation characters are permitted, nor is blank space. If the hyphen is used, it is not permitted to appear at either the beginning or end of a label. There is an additional rule that essentially requires that top-level domain names not be all-numeric.
So, in this particular case, the host name 'wtrj_ex_02' violates this rule through the use of the underscore character which is NOT part of the approved character set for public DNS host records.

We should point out as well that the hostname does not resolve against wtrj.org's registered name servers either when queried directly.
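As an added example (not MagicSpam's own code), the following Python applies the LDH rule quoted in the reply above to the HELO name pulled from the log line in the question; the log-parsing regex and the function names are assumptions, and the log line is the one constructed from the post.

```python
import re

# Constructed sample: the magicspam-plesk log line quoted in the question.
SAMPLE_LOG = ("2009-10-01 13:30:47 magicspam-plesk[24800]: SPAM[valid_helo_domain]: "
              "mua=0,ip=[24.177.26.214:mail.wtrj.org],helo=<WTRJ_EX_02.wtrj.org>,"
              "from=<carriert@WTRJ.org>,rcpt=<susan.reilly@westwoodpharmacy.com>")

# One LDH label: ASCII letters/digits/hyphen, no hyphen at either end.
LDH_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def helo_from_log(line: str) -> str:
    """Extract the HELO/EHLO name from a magicspam-plesk log line (assumed format)."""
    m = re.search(r"helo=<([^>]*)>", line)
    return m.group(1) if m else ""


def ldh_violations(hostname: str) -> list:
    """Return human-readable reasons the name breaks the LDH rule (empty = OK)."""
    problems = []
    if not hostname or len(hostname) > 253:
        return ["empty or longer than 253 octets"]
    labels = hostname.rstrip(".").split(".")
    for i, label in enumerate(labels):
        if label == "":
            problems.append(f"label {i} is empty (leading or doubled dot)")
            continue
        if len(label) > 63:
            problems.append(f"label '{label}' exceeds 63 octets")
        if not LDH_LABEL.match(label):
            bad = sorted({c for c in label
                          if not (c.isascii() and (c.isalnum() or c == "-"))})
            if bad:
                problems.append(f"label '{label}' contains disallowed character(s) {bad}")
            else:
                problems.append(f"label '{label}' begins or ends with a hyphen")
    # Top-level label must not be all-numeric (it would look like an IP address).
    if len(labels) > 1 and labels[-1].isdigit():
        problems.append(f"top-level label '{labels[-1]}' is all-numeric")
    return problems


def is_valid_helo_domain(hostname: str) -> bool:
    return not ldh_violations(hostname)


if __name__ == "__main__":
    helo = helo_from_log(SAMPLE_LOG)
    print(helo, ldh_violations(helo))  # flags the underscore in WTRJ_EX_02
```

A syntactic pass is only the first half of the rule; as the reply notes, the name must also actually resolve, which this offline check does not attempt.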