It didn't get marked as spam since it appears to come from us, though the IP address is located in Puerto Rico. I was just wondering how they get biocontrolsys.com associated with their IP address. Is it a completely manufactured (not "real") header? Can you create a test for this?
First, anyone who controls the RDNS for their own IP range can put *anything* they want in there. If you caught me a couple years ago I had sub-delegation for the IP blocks used here at EVI.. I could have had any of my IP addresses reverse DNS as "www.aol.com" at any time I wanted. Of course, the forward wouldn't match.. but the reverse can say whatever you want.
However, in this case, they didn't do that
Received: from biocontrolsys.com ([66.50.175.12])
note that 66.50.175.12 has *no* reverse DNS at all.. so in this case, their system issued a HELO "biocontrolsys.com", but the IP address reversed as nothing.. If it had RDNSed it would look like this instead (at least in sendmail, which you seem to use):
Received: from biocontrolsys.com (biocontrolsys.com [66.50.175.12])
Sounds like you've got some kind of bug in your method for excluding SA from running. It should only exclude emails from IPs which really RDNS as your domain, or better yet, do it by IP address blocks instead of domain name (thus preventing the possibility of the above case).
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
