false positive?

Tim Tyler tyler at BELOIT.EDU
Tue Aug 12 22:08:39 IST 2003


Antony,
   Ok, that makes sense.  The violation that I see was triggered from
caramail.com though the full smtp server address follows it in
parentheses.  Is it the configuration of their mail client or mail
server?  Is there any specific advice that I can give back to the sender?
Tim



 >> Received: from caramail.com (cmcodec01.st1.spray.net [212.78.202.246])
 >>     by lmout01.st1.spray.net (Postfix) with SMTP id 556001FECC
 >>     for <xxxx at beloit.edu>; Thu,  7 Aug 2003 21:36:59 +0200 (MEST)
 >> From: "xxxxx xxxxxx " <xxxxxx at caramail.com>

    Tim


At 09:11 PM 8/12/2003 +0100, you wrote:
>On Tuesday 12 August 2003 9:02 pm, Tim Tyler wrote:
>
> > Matt,
> >   Yes, but what about when sites use the same hostname as their domain
> > name? For instance, we have beloit.edu as our domain while also using
> > beloit.edu as our hostname for our faculty/staff smtp server.  It's not
> > totally clear to me why it should be assumed that the lack of a hostname
> > extension is necessarily a violation of any welcome rules.
>
>It isn't, for the majority of domains.
>
>The FAKE_HELO_DOTCOM rule only applies to the specific domains listed in the
>regex:
>
> > >20_head_tests.cf:header RCVD_FAKE_HELO_DOTCOM    Received =~ /^from (?:msn|yahoo|yourwebsite|lycos|excite|cs|aol|localhost|koreanmail|allexecs|mydomain|juno|eudoramail|compuserve|desertmail|excite|caramail)\.com \(/m
>
>In other words, only the following domains will match:
>msn.com
>yahoo.com
>yourwebsite.com
>lycos.com
>excite.com
>cs.com
>aol.com
>localhost.com
>koreanmail.com
>allexecs.com
>mydomain.com
>juno.com
>eudoramail.com
>compuserve.com
>desertmail.com
>excite.com (no, I don't know why it's listed twice either)
>caramail.com
>
>Mail from any other domain will not match this rule.
>
>Regards,
>
>Antony.
>
>--
>
>I can resist everything but temptation,
>I can tolerate everything but intolerance,
>and I can survive everything but death.

Tim Tyler
Network Engineer - Beloit College
tyler at beloit.edu
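
Added example, not part of the thread and not SpamAssassin's own code: a Python sketch that applies the quoted RCVD_FAKE_HELO_DOTCOM pattern to the Received line Tim posted and to two constructed headers, and also compares the HELO name with the reverse-DNS name in parentheses. The helper names, the second pattern and the 192.0.2.x / example.org values are assumptions made for illustration.

```python
import re

# Alternation copied from the rule quoted in the thread (duplicate "excite" kept).
FAKE_HELO_DOTCOM = re.compile(
    r"^from (?:msn|yahoo|yourwebsite|lycos|excite|cs|aol|localhost|koreanmail|"
    r"allexecs|mydomain|juno|eudoramail|compuserve|desertmail|excite|caramail)"
    r"\.com \(",
    re.MULTILINE,
)

# Hypothetical helper pattern: "from <HELO name> (<reverse DNS> [<ip>])".
RECEIVED_FROM = re.compile(r"^from (\S+) \((\S+) \[[0-9a-fA-F.:]+\]\)")

def unfold(header_value):
    """Join folded continuation lines into one logical header line."""
    return re.sub(r"\r?\n[ \t]+", " ", header_value).strip()

def explain(received_value):
    """Return (rule_hit, helo, rdns, helo_equals_rdns) for one Received value."""
    value = unfold(received_value)
    hit = FAKE_HELO_DOTCOM.search(value) is not None
    m = RECEIVED_FROM.search(value)
    if not m:
        return hit, None, None, None
    helo, rdns = m.group(1).lower(), m.group(2).lower()
    return hit, helo, rdns, helo == rdns

# Header value as posted in the thread (recipient redacted there).
PAGE_SAMPLE = (
    "from caramail.com (cmcodec01.st1.spray.net [212.78.202.246])\n"
    "    by lmout01.st1.spray.net (Postfix) with SMTP id 556001FECC\n"
    "    for <xxxx at beloit.edu>; Thu,  7 Aug 2003 21:36:59 +0200 (MEST)"
)
# Constructed samples: a bare domain that is not in the list, and a
# host-qualified name under a listed domain.
BARE_UNLISTED = "from beloit.edu (beloit.edu [192.0.2.10])\n    by mx.example.org (Postfix)"
QUALIFIED_LISTED = "from mail.caramail.com (mail.caramail.com [192.0.2.20])\n    by mx.example.org"

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, BARE_UNLISTED, QUALIFIED_LISTED):
        print(explain(sample))
```

Only the first sample hits the rule: the HELO name is the bare listed domain, while the connecting host resolves to a different name.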


