From: "Matt Kettler" <[EMAIL PROTECTED]>
Jason Haar wrote:HOST_EQ_D_D_D_D isn't part of standard SA - where did that come from?It appears to come from: http://www.rulesemporium.com/rules/88_FVGT_headers.cf header HOST_EQ_D_D_D_D X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ]+\d{1,3}[^0-9]\d{1,3}[^0-9]\d{1,3}[^0-9]\d{1,3}[^ ]+ / score HOST_EQ_D_D_D_D 0.665 #counts HOST_EQ_D_D_D_D 10886s/231h of 41745 corpus (34134s/7611h FVGT) 03/29/06 header HOST_EQ_D_D_D_DB X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=\d{1,3}[^0-9]\d{1,3}[^0-9]\d{1,3}[^0-9]\d{1,3}[^ ]+ / score HOST_EQ_D_D_D_DB 0.888 #counts HOST_EQ_D_D_D_DB 4324s/71h of 42070 corpus (34144s/7926h FVGT) 04/19/06From the looks of it they're detecting untrusted relays which reverse-dns nameswhich are of the typical host-208-39-141-94.example.com format for dynamic hosts.
It's time for Fred to work over 88_FGVT rule scores a little. Or else
I get a different mix of spam than he does. I just set FM_3PLUS_NODNS
and FB_SINGLE_1WORD to zero. They were not hitting much of anything and
what they hit was more ham than spam.
{^_^}
