On Fri, 05 Jun 2009 06:20:12 -0400 Michael Scheidell <scheid...@secnap.net> wrote:
> I agree if FIRST untrusted FWIW the terms first and last should always be used in the client -> spamassassin direction. > does a 'helo *.lan' you should score it > high, but if they have an internal server that does a helo *.lan to > their external (bastian or smart host) and it uses a valid FQDN, you > should not score it so high. > > header HELO_LH_HOME X-Spam-Relays-Untrusted =~ /^[^\]]+ > helo=\S+\.(?:home|lan) /i This test only looks at the last hop, so I don't see your concern. Actually it should be the last hop into the internal network, presumably it's one of the tests that's fixed in SVN. IMO it should also test for "auth= "
