From: Dirk K. <d.k...@ne...> - 2024-10-08 20:16:28
Hi everybody,

I see log lines where mail coming from servers with an internationalized domain name is blocked. It's absolutely correct these are blocked for various reasons, but I wonder about the IP detection in HELO. The DNS reverse lookup for these IPs is fine. There are numbers in their HELO, but the format cannot qualify for an IPv4 or IPv6 address. Maybe the magic for disseminating the string and putting the IP back together can be improved.

Some examples (log lines filtered for these punycode HELOs):

Oct 8 16:38:48 localhost assp.pl[1310093]: m1-98327-13400 [Worker_1] 213.202.222.155 aj...@fi... Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'xn--80avu.042.xn--p1acf', total score for this message is now 39
Oct 8 16:38:48 localhost assp.pl[1310093]: m1-98327-13400 [Worker_1] 213.202.222.155 aj...@fi... [scoring] (Suspicious HELO - contains IP: 'xn--80avu.042.xn--p1acf')
Oct 8 16:38:48 localhost assp.pl[1310093]: m1-98327-13400 [Worker_1] 213.202.222.155 aj...@fi... Message-Score: added 60 (fiphmValencePB) for IP in HELO 'xn--80avu.042.xn--p1acf' does not match IP in connection '213.202.222.155' , total score for this message is now 99
Oct 8 16:38:48 localhost assp.pl[1310093]: m1-98327-13400 [Worker_1] 213.202.222.155 aj...@fi... [scoring] (IP in HELO 'xn--80avu.042.xn--p1acf' does not match IP in connection '213.202.222.155' )
Oct 8 16:38:48 localhost assp.pl[1310093]: m1-98327-13400 [Worker_1] 213.202.222.155 aj...@fi... Message-Score: added 10 (ihValencePB) for not valid HELO: 'xn--80avu.042.xn--p1acf', total score for this message is now 109
Oct 8 16:38:48 localhost assp.pl[1310093]: m1-98327-13400 [Worker_1] [InvalidHELO] 213.202.222.155 aj...@fi... [spam found] (not valid HELO: 'xn--80avu.042.xn--p1acf')

Oct 8 17:30:53 localhost assp.pl[1310093]: m1-01452-12103 [Worker_1] 37.48.122.143 yd...@bi... Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'xn--90amo.086.xn--p1acf', total score for this message is now 39
Oct 8 17:30:53 localhost assp.pl[1310093]: m1-01452-12103 [Worker_1] 37.48.122.143 yd...@bi... [scoring] (Suspicious HELO - contains IP: 'xn--90amo.086.xn--p1acf')
Oct 8 17:30:53 localhost assp.pl[1310093]: m1-01452-12103 [Worker_1] 37.48.122.143 yd...@bi... Message-Score: added 60 (fiphmValencePB) for IP in HELO 'xn--90amo.086.xn--p1acf' does not match IP in connection '37.48.122.143' , total score for this message is now 99
Oct 8 17:30:53 localhost assp.pl[1310093]: m1-01452-12103 [Worker_1] 37.48.122.143 yd...@bi... [scoring] (IP in HELO 'xn--90amo.086.xn--p1acf' does not match IP in connection '37.48.122.143' )
Oct 8 17:30:53 localhost assp.pl[1310093]: m1-01452-12103 [Worker_1] 37.48.122.143 yd...@bi... Message-Score: added 10 (ihValencePB) for not valid HELO: 'xn--90amo.086.xn--p1acf', total score for this message is now 109
Oct 8 17:30:53 localhost assp.pl[1310093]: m1-01452-12103 [Worker_1] [InvalidHELO] 37.48.122.143 yd...@bi... [spam found] (not valid HELO: 'xn--90amo.086.xn--p1acf')

Oct 8 17:51:44 localhost assp.pl[1310093]: m1-02703-13015 [Worker_1] 5.199.138.53 oc...@di... Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'xn--e1aub.068.xn--p1acf', total score for this message is now 39
Oct 8 17:51:44 localhost assp.pl[1310093]: m1-02703-13015 [Worker_1] 5.199.138.53 oc...@di... [scoring] (Suspicious HELO - contains IP: 'xn--e1aub.068.xn--p1acf')
Oct 8 17:51:44 localhost assp.pl[1310093]: m1-02703-13015 [Worker_1] 5.199.138.53 oc...@di... Message-Score: added 60 (fiphmValencePB) for IP in HELO 'xn--e1aub.068.xn--p1acf' does not match IP in connection '5.199.138.53' , total score for this message is now 99
Oct 8 17:51:44 localhost assp.pl[1310093]: m1-02703-13015 [Worker_1] 5.199.138.53 oc...@di... [scoring] (IP in HELO 'xn--e1aub.068.xn--p1acf' does not match IP in connection '5.199.138.53' )
Oct 8 17:51:44 localhost assp.pl[1310093]: m1-02703-13015 [Worker_1] 5.199.138.53 oc...@di... Message-Score: added 10 (ihValencePB) for not valid HELO: 'xn--e1aub.068.xn--p1acf', total score for this message is now 109
Oct 8 17:51:44 localhost assp.pl[1310093]: m1-02703-13015 [Worker_1] [InvalidHELO] 5.199.138.53 oc...@di... [spam found] (not valid HELO: 'xn--e1aub.068.xn--p1acf')

Oct 8 18:07:14 localhost assp.pl[1310093]: m1-03634-11949 [Worker_1] 37.48.78.112 oq...@re... Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'xn--80aua.xn--80ag7c.xn--p1acf', total score for this message is now 39
Oct 8 18:07:14 localhost assp.pl[1310093]: m1-03634-11949 [Worker_1] 37.48.78.112 oq...@re... [scoring] (Suspicious HELO - contains IP: 'xn--80aua.xn--80ag7c.xn--p1acf')
Oct 8 18:07:14 localhost assp.pl[1310093]: m1-03634-11949 [Worker_1] 37.48.78.112 oq...@re... Message-Score: added 60 (fiphmValencePB) for IP in HELO 'xn--80aua.xn--80ag7c.xn--p1acf' does not match IP in connection '37.48.78.112' , total score for this message is now 99
Oct 8 18:07:14 localhost assp.pl[1310093]: m1-03634-11949 [Worker_1] 37.48.78.112 oq...@re... [scoring] (IP in HELO 'xn--80aua.xn--80ag7c.xn--p1acf' does not match IP in connection '37.48.78.112' )
Oct 8 18:07:14 localhost assp.pl[1310093]: m1-03634-11949 [Worker_1] 37.48.78.112 oq...@re... Message-Score: added 10 (ihValencePB) for not valid HELO: 'xn--80aua.xn--80ag7c.xn--p1acf', total score for this message is now 109
Oct 8 18:07:14 localhost assp.pl[1310093]: m1-03634-11949 [Worker_1] [InvalidHELO] 37.48.78.112 oq...@re... [spam found] (not valid HELO: 'xn--80aua.xn--80ag7c.xn--p1acf')

Oct 8 18:11:23 localhost assp.pl[1310093]: m1-03882-00797 [Worker_1] 81.171.24.123 az...@no...tos Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'xn--e1ae4e.008.xn--p1acf', total score for this message is now 39
Oct 8 18:11:23 localhost assp.pl[1310093]: m1-03882-00797 [Worker_1] 81.171.24.123 az...@no...tos [scoring] (Suspicious HELO - contains IP: 'xn--e1ae4e.008.xn--p1acf')
Oct 8 18:11:23 localhost assp.pl[1310093]: m1-03882-00797 [Worker_1] 81.171.24.123 az...@no...tos Message-Score: added 60 (fiphmValencePB) for IP in HELO 'xn--e1ae4e.008.xn--p1acf' does not match IP in connection '81.171.24.123' , total score for this message is now 99
Oct 8 18:11:23 localhost assp.pl[1310093]: m1-03882-00797 [Worker_1] 81.171.24.123 az...@no...tos [scoring] (IP in HELO 'xn--e1ae4e.008.xn--p1acf' does not match IP in connection '81.171.24.123' )
Oct 8 18:11:23 localhost assp.pl[1310093]: m1-03882-00797 [Worker_1] 81.171.24.123 az...@no...tos Message-Score: added 10 (ihValencePB) for not valid HELO: 'xn--e1ae4e.008.xn--p1acf', total score for this message is now 109
Oct 8 18:11:23 localhost assp.pl[1310093]: m1-03882-00797 [Worker_1] [InvalidHELO] 81.171.24.123 az...@no...tos [spam found] (not valid HELO: 'xn--e1ae4e.008.xn--p1acf')

Oct 8 18:15:39 localhost assp.pl[1310093]: m1-04138-07089 [Worker_1] 147.45.197.127 ah...@it...keup Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'xn--80aa9a.011.xn--p1acf', total score for this message is now 39
Oct 8 18:15:39 localhost assp.pl[1310093]: m1-04138-07089 [Worker_1] 147.45.197.127 ah...@it...keup [scoring] (Suspicious HELO - contains IP: 'xn--80aa9a.011.xn--p1acf')
Oct 8 18:15:39 localhost assp.pl[1310093]: m1-04138-07089 [Worker_1] 147.45.197.127 ah...@it...keup Message-Score: added 60 (fiphmValencePB) for IP in HELO 'xn--80aa9a.011.xn--p1acf' does not match IP in connection '147.45.197.127' , total score for this message is now 99
Oct 8 18:15:39 localhost assp.pl[1310093]: m1-04138-07089 [Worker_1] 147.45.197.127 ah...@it...keup [scoring] (IP in HELO 'xn--80aa9a.011.xn--p1acf' does not match IP in connection '147.45.197.127' )
Oct 8 18:15:39 localhost assp.pl[1310093]: m1-04138-07089 [Worker_1] 147.45.197.127 ah...@it...keup Message-Score: added 10 (ihValencePB) for not valid HELO: 'xn--80aa9a.011.xn--p1acf', total score for this message is now 109
Oct 8 18:15:39 localhost assp.pl[1310093]: m1-04138-07089 [Worker_1] [InvalidHELO] 147.45.197.127 ah...@it...keup [spam found] (not valid HELO: 'xn--80aa9a.011.xn--p1acf')

Oct 8 18:41:23 localhost assp.pl[1310093]: m1-05682-05491 [Worker_1] 37.48.78.112 eh...@re... Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'xn--80aua.xn--80ag7c.xn--p1acf', total score for this message is now 39
Oct 8 18:41:23 localhost assp.pl[1310093]: m1-05682-05491 [Worker_1] 37.48.78.112 eh...@re... [scoring] (Suspicious HELO - contains IP: 'xn--80aua.xn--80ag7c.xn--p1acf')
Oct 8 18:41:23 localhost assp.pl[1310093]: m1-05682-05491 [Worker_1] 37.48.78.112 eh...@re... Message-Score: added 60 (fiphmValencePB) for IP in HELO 'xn--80aua.xn--80ag7c.xn--p1acf' does not match IP in connection '37.48.78.112' , total score for this message is now 99
Oct 8 18:41:23 localhost assp.pl[1310093]: m1-05682-05491 [Worker_1] 37.48.78.112 eh...@re... [scoring] (IP in HELO 'xn--80aua.xn--80ag7c.xn--p1acf' does not match IP in connection '37.48.78.112' )
Oct 8 18:41:23 localhost assp.pl[1310093]: m1-05682-05491 [Worker_1] 37.48.78.112 eh...@re... Message-Score: added 10 (ihValencePB) for not valid HELO: 'xn--80aua.xn--80ag7c.xn--p1acf', total score for this message is now 109
Oct 8 18:41:23 localhost assp.pl[1310093]: m1-05682-05491 [Worker_1] [InvalidHELO] 37.48.78.112 eh...@re... [spam found] (not valid HELO: 'xn--80aua.xn--80ag7c.xn--p1acf')

Oct 8 18:52:30 localhost assp.pl[1310093]: m1-06349-06013 [Worker_1] 37.48.78.112 ot...@re... Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'xn--80aua.xn--80ag7c.xn--p1acf', total score for this message is now 39
Oct 8 18:52:30 localhost assp.pl[1310093]: m1-06349-06013 [Worker_1] 37.48.78.112 ot...@re... [scoring] (Suspicious HELO - contains IP: 'xn--80aua.xn--80ag7c.xn--p1acf')
Oct 8 18:52:30 localhost assp.pl[1310093]: m1-06349-06013 [Worker_1] 37.48.78.112 ot...@re... Message-Score: added 60 (fiphmValencePB) for IP in HELO 'xn--80aua.xn--80ag7c.xn--p1acf' does not match IP in connection '37.48.78.112' , total score for this message is now 99
Oct 8 18:52:30 localhost assp.pl[1310093]: m1-06349-06013 [Worker_1] 37.48.78.112 ot...@re... [scoring] (IP in HELO 'xn--80aua.xn--80ag7c.xn--p1acf' does not match IP in connection '37.48.78.112' )
Oct 8 18:52:30 localhost assp.pl[1310093]: m1-06349-06013 [Worker_1] 37.48.78.112 ot...@re... Message-Score: added 10 (ihValencePB) for not valid HELO: 'xn--80aua.xn--80ag7c.xn--p1acf', total score for this message is now 109
Oct 8 18:52:30 localhost assp.pl[1310093]: m1-06349-06013 [Worker_1] [InvalidHELO] 37.48.78.112 ot...@re... [spam found] (not valid HELO: 'xn--80aua.xn--80ag7c.xn--p1acf')

Oct 8 18:55:15 localhost assp.pl[1310093]: m1-06514-12952 [Worker_1] 81.171.24.123 ov...@no...tos Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'xn--e1ae4e.008.xn--p1acf', total score for this message is now 39
Oct 8 18:55:15 localhost assp.pl[1310093]: m1-06514-12952 [Worker_1] 81.171.24.123 ov...@no...tos [scoring] (Suspicious HELO - contains IP: 'xn--e1ae4e.008.xn--p1acf')
Oct 8 18:55:15 localhost assp.pl[1310093]: m1-06514-12952 [Worker_1] 81.171.24.123 ov...@no...tos Message-Score: added 60 (fiphmValencePB) for IP in HELO 'xn--e1ae4e.008.xn--p1acf' does not match IP in connection '81.171.24.123' , total score for this message is now 99
Oct 8 18:55:15 localhost assp.pl[1310093]: m1-06514-12952 [Worker_1] 81.171.24.123 ov...@no...tos [scoring] (IP in HELO 'xn--e1ae4e.008.xn--p1acf' does not match IP in connection '81.171.24.123' )
Oct 8 18:55:15 localhost assp.pl[1310093]: m1-06514-12952 [Worker_1] 81.171.24.123 ov...@no...tos Message-Score: added 10 (ihValencePB) for not valid HELO: 'xn--e1ae4e.008.xn--p1acf', total score for this message is now 109
Oct 8 18:55:15 localhost assp.pl[1310093]: m1-06514-12952 [Worker_1] [InvalidHELO] 81.171.24.123 ov...@no...tos [spam found] (not valid HELO: 'xn--e1ae4e.008.xn--p1acf')

Oct 8 19:07:39 localhost assp.pl[1310093]: m1-07258-05182 [Worker_1] 81.171.24.123 if...@no...tos Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'xn--e1ae4e.008.xn--p1acf', total score for this message is now 39
Oct 8 19:07:39 localhost assp.pl[1310093]: m1-07258-05182 [Worker_1] 81.171.24.123 if...@no...tos [scoring] (Suspicious HELO - contains IP: 'xn--e1ae4e.008.xn--p1acf')
Oct 8 19:07:39 localhost assp.pl[1310093]: m1-07258-05182 [Worker_1] 81.171.24.123 if...@no...tos Message-Score: added 60 (fiphmValencePB) for IP in HELO 'xn--e1ae4e.008.xn--p1acf' does not match IP in connection '81.171.24.123' , total score for this message is now 99
Oct 8 19:07:39 localhost assp.pl[1310093]: m1-07258-05182 [Worker_1] 81.171.24.123 if...@no...tos [scoring] (IP in HELO 'xn--e1ae4e.008.xn--p1acf' does not match IP in connection '81.171.24.123' )
Oct 8 19:07:39 localhost assp.pl[1310093]: m1-07258-05182 [Worker_1] 81.171.24.123 if...@no...tos Message-Score: added 10 (ihValencePB) for not valid HELO: 'xn--e1ae4e.008.xn--p1acf', total score for this message is now 109
Oct 8 19:07:39 localhost assp.pl[1310093]: m1-07258-05182 [Worker_1] [InvalidHELO] 81.171.24.123 if...@no...tos [spam found] (not valid HELO: 'xn--e1ae4e.008.xn--p1acf')

Oct 8 19:13:36 localhost assp.pl[1310093]: m1-07615-02450 [Worker_1] 37.48.78.112 im...@re... Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'xn--80aua.xn--80ag7c.xn--p1acf', total score for this message is now 39
Oct 8 19:13:36 localhost assp.pl[1310093]: m1-07615-02450 [Worker_1] 37.48.78.112 im...@re... [scoring] (Suspicious HELO - contains IP: 'xn--80aua.xn--80ag7c.xn--p1acf')
Oct 8 19:13:36 localhost assp.pl[1310093]: m1-07615-02450 [Worker_1] 37.48.78.112 im...@re... Message-Score: added 60 (fiphmValencePB) for IP in HELO 'xn--80aua.xn--80ag7c.xn--p1acf' does not match IP in connection '37.48.78.112' , total score for this message is now 99
Oct 8 19:13:36 localhost assp.pl[1310093]: m1-07615-02450 [Worker_1] 37.48.78.112 im...@re... [scoring] (IP in HELO 'xn--80aua.xn--80ag7c.xn--p1acf' does not match IP in connection '37.48.78.112' )
Oct 8 19:13:36 localhost assp.pl[1310093]: m1-07615-02450 [Worker_1] 37.48.78.112 im...@re... Message-Score: added 10 (ihValencePB) for not valid HELO: 'xn--80aua.xn--80ag7c.xn--p1acf', total score for this message is now 109
Oct 8 19:13:36 localhost assp.pl[1310093]: m1-07615-02450 [Worker_1] [InvalidHELO] 37.48.78.112 im...@re... [spam found] (not valid HELO: 'xn--80aua.xn--80ag7c.xn--p1acf')
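
A stricter "IP in HELO" test, as an added example (not ASSP's code and not part of the original post): a HELO counts as carrying an address only if it is an RFC 5321 address literal or contains four decimal groups in the range 0-255. The function names and the samples marked constructed are assumptions; the punycode HELOs and connection IPs are copied from the log lines above.

```python
import ipaddress
import re

# Four decimal groups joined by '.' or '-', not glued to further digits.
QUAD = re.compile(r"(?<!\d)(\d{1,3})[.-](\d{1,3})[.-](\d{1,3})[.-](\d{1,3})(?!\d)")
# RFC 5321 address literal: [192.0.2.1] or [IPv6:2001:db8::1]
LITERAL = re.compile(r"^\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]$", re.IGNORECASE)

def helo_ips(helo):
    """Return every IP address that can really be read out of a HELO string."""
    found = set()
    m = LITERAL.match(helo)
    if m:
        try:
            found.add(ipaddress.ip_address(m.group(1)))
        except ValueError:
            pass  # bracketed, but not a parsable address
        return found
    for m in QUAD.finditer(helo):
        octets = [int(g) for g in m.groups()]
        if all(o <= 255 for o in octets):
            # Accept both orders: generic rDNS names often reverse the octets.
            for order in (octets, octets[::-1]):
                found.add(ipaddress.ip_address(".".join(map(str, order))))
    return found

def classify(helo, conn_ip):
    """'no-ip' if the HELO holds no address, else 'match' or 'mismatch'."""
    ips = helo_ips(helo)
    if not ips:
        return "no-ip"
    return "match" if ipaddress.ip_address(conn_ip) in ips else "mismatch"

SAMPLES = [
    # HELO and connection IP pairs from the log lines in the post
    ("xn--80avu.042.xn--p1acf", "213.202.222.155"),
    ("xn--80aua.xn--80ag7c.xn--p1acf", "37.48.78.112"),
    ("xn--e1ae4e.008.xn--p1acf", "81.171.24.123"),
    # constructed samples (documentation address ranges)
    ("static-203-0-113-9.example.net", "203.0.113.9"),
    ("9.113.0.203.dyn.example.net", "203.0.113.9"),
    ("mail.198-51-100-7.example.net", "203.0.113.9"),
    ("[203.0.113.9]", "203.0.113.9"),
]

if __name__ == "__main__":
    for helo, ip in SAMPLES:
        print(f"{classify(helo, ip):8}  {helo}  (connection {ip})")
```

Under this rule the punycode HELOs from the post fall into "no-ip", so only the separate invalid-HELO check would apply to them, not the two IP-related scores.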