Revisions for HELO/IP/MAIL relationship check
??changed:
-
The purpose of the HELO MAIL FROM test is to find one type of relationship between the sending server IP and the envelope-from domain. If they are related - telling the SIQ server to include the domain's reputation when scoring is likely to be a valid thing to do. (Other types of relationships are tested in the SIQ server, but doing THIS test in the query client obviates the need to send the HELO domain in the query.)
If a message FAILS this test - NO HARM no downgrade nothing bad occurs. **This is a test that helps find more ham.**
Does the base domain of the HELO = the base domain of the envelope-from domain? (ML=1)
Is the A record for the HELO in the same /24 as the sending server IP? (HL=1)
**Here's how the test is implemented in the python siqmilter:**
<PRE>
hl = ml = False
if helodom:
# Check HL and ML
if listEndsWith(helodom.lower().split('.'), domain.lower().split('.')):
flags = flags | M_ML
ml = True
if classc(ip) in map(classc, lookupAddresses(helodom)):
flags = flags | M_HL
hl = True
</PRE>
One bit would really be sufficient but Anthony wanted to send it as two bits, so that's how it was done.
**Example of the importance of the HELO/MAIL/IP test**
**original protocol, no HL/ML bits**
somehost:/home/milter/milter# ./siq.py dempseybus.com 63.196.45.8
Checking dempseybus.com from 63.196.45.8 (server db.outboundindex.net)
score=10
**The sender is NOT golden - they are suspect** because we cannot include the good points their DOMAIN would earn - no relationship can be seen between the sending server IP and env-from domain.
<HR>
**and now - same query including the HELO/MAIL/IP test**
somehost:/home/milter/milter# python2.3 siq18client.py -ssiq-b.emailserverindex.org -dmail.dempseybus.com dempseybus.com 63.196.45.8
Checking dempseybus.com from 63.196.45.8 (server siq-b.emailserverindex.org)
score=100
**The sender is golden - they get a score 100 - because we found a relationship between sending server IP and env-from domain - so we could include the good points for their DOMAIN records.**