We are getting heaps of false positives off these rules - ironically
mainly from our IT services dealers/sellers/etc.

Since upgrading from SA-3.1* to 3.2.0, we have discovered that it
appears most small New Zealand businesses run mail servers on DSL links
with PTR records of the format "NN-NN-NN-NN.isp.carrier.nz". Hence they
end up with 2.2 points
(FH_HOST_EQ_D_D_D_D,FH_HOST_EQ_D_D_D_DB,RDNS_DYNAMIC) added without any
real effort. That plus their sputty HTML mails pushes them into the 5-7
range.

I know SA isn't really doing anything wrong, but are people in other
countries seeing this too? If so, it may imply the default scores are
too high?

Obviously I'm going to have to lower those scores to compensate - I bet
more spam will come through too :-(  

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
