>> Using SA 3.3.0. Any reason why RDNS_NONE now scores 1.3, when it was
>> down to 0.1 with the previous releases ? >The score was pretty much informational only previously and arbitrarily >set. The current score is what the mass-checks and GA result in. >> The below headers trigger the rule only because the remote LAN SMTP >> client, with IP 10.10.3.3, has no rDNS. >> >> Received: from my.public.name ([<public_IP>] helo=john.fr) >> by mymta.fr with esmtps (TLSv1:AES256-SHA:256) >> id 1NowHH-0003o7-ED >> for m...@address.fr; Tue, 09 Mar 2010 11:03:03 +0100 >> Received: from exim by john.fr with spamout-scanned-ok id 1NowHG-00054b-TU >> for m...@address.fr; Tue, 09 Mar 2010 11:03:02 +0100 >> Received: from [10.10.3.4] (helo=MYPC) >> by john.fr with esmtp id 1NowHD-00054Q-SY >> for m...@address.fr; Tue, 09 Mar 2010 11:03:02 +0100 >> >> I'd rather say, for example, 1.3 for the last gateway, and 0.1 for the >> others. >I guess you need to correct your trusted and internal networks. The rule >does not deep parse, and never has. > header __RDNS_NONE X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns= / > describe RDNS_NONE Delivered to trusted network by a host with no rDNS >That host with an IP in a private, reserved range (the originating IP, >running the MUA?) delivered directly to your MX, as it seems... Here is the picture : a PC whose local IP address is 10.10.3.4 (with no rDNS) submits a message to its SMTP gateway (john.fr), which in turn delivers it to my plateform. It's an anonymous delivery to one of my local domains, but not from a trusted network. So you mean I should add all RFC1918 networks to my trusted_networks ?
