Ori, > > RFC 5321, section 4.4 has a BNF description of a Received: header.
> > http://tools.ietf.org/html/rfc5321#section-4.4
> Thank you, although I wonder where the definition of "Protocol"
With = CFWS "WITH" FWS Protocol
Protocol = "ESMTP" / "SMTP" / Attdl-Protocol
Attdl-Protocol = Atom
; Additional standard names for protocols are
; registered with the Internet Assigned Numbers
; Authority (IANA) in the "mail parameters"
; registry . SMTP servers SHOULD NOT
; use unregistered names. > and "Domain" and some other things are, it's easy enough to guess.
Do not guess, stick to RFCs.
2.3.5. Domain Names
A domain name (or often just a "domain") consists of one or more
components, separated by dots if more than one appears. In the case
of a top-level domain used by itself in an email address, a single
string is used without any dots. This makes the requirement,
described in more detail below, that only fully-qualified domain
names appear in SMTP transactions on the public Internet,
particularly important where top-level domains are involved. These
components ("labels" in DNS terminology, RFC 1035 ) are restricted
for SMTP purposes to consist of a sequence of letters, digits, and
hyphens drawn from the ASCII character set . Domain names are
used as names of hosts and of other entities in the domain name
hierarchy. For example, a domain may refer to an alias (label of a
CNAME RR) or the label of Mail eXchanger records to be used to
deliver mail instead of representing a host name. See RFC 1035 
and Section 5 of this specification.
The domain name, as described in this document and in RFC 1035 ,
is the entire, fully-qualified name (often referred to as an "FQDN").
A domain name that is not in FQDN form is no more than a local alias.
Local aliases MUST NOT appear in any SMTP transaction.
Only resolvable, fully-qualified domain names (FQDNs) are permitted
when domain names are used in SMTP. In other words, names that can
be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
in Section 5) are permitted, as are CNAME RRs whose targets can be
resolved, in turn, to MX or address RRs. Local nicknames or
unqualified names MUST NOT be used. There are two exceptions to the
rule requiring FQDNs:
o The domain name given in the EHLO command MUST be either a primary
host name (a domain name that resolves to an address RR) or, if
the host has no name, an address literal, as described in
Section 4.1.3 and discussed further in the EHLO discussion of
o The reserved mailbox name "postmaster" may be used in a RCPT
command without domain qualification (see Section 188.8.131.52) and
MUST be accepted if so used. > I tried to intentionally make a terribly wrong Received to see if SA
> would give me a rule hit but it did not. Is there a rule for this? If
> so, how can I turn it on and off?
> Is there a place I can test only this rule?
There is no particular rule, but other rules depend on information
derived from parsed Trace Information. The best check to see if
SpamAssassin properly parsed your Received header fields is to
enable 'received-header' and 'metadata' debug areas, e.g.:
$ spamassassin -D received-header,metadata <test.msg
and see if parsed fields came out correctly.
But above all: when generating a Received header field, follow
the RFC precisely! Do not copycat samples from some other MTA,
it may not be correct. There are just too many mailers generating
nonstandard or just broken Received header fields, causing headaches
and requiring dealing with exceptions in software trying to parse it!