Re: cumulating dyn dns rules

[Kevin A. McGrail]

I believe FH_HELO_EQ_D_D_D_D is already being removed https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6778 Regards, KAM On 3/27/2012 11:08 AM, Stephane Chazelas wrote: Hello, we've had a false positive reported for those headers: Return-Path: <...@northernnetworking.co.uk> X-Spam-Flag: YES X-Spam-Score: 3.679 X-Spam-Level: *** X-Spam-Status: Yes, score=3.679 tagged_above=0 required=3.1 tests=[BAYES_00=-3.599, DYN_RDNS_AND_INLINE_IMAGE=1.168, FH_HELO_EQ_D_D_D_D=3.177, HELO_DYNAMIC_IPADDR=1.951, HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.982, SPF_PASS=-0.001] autolearn=no [...] Received: from lvps92-60-123-131.vps.webfusion.co.uk (lvps92-60-123-131.vps.webfusion.co.uk [92.60.123.131]) [...] Without BAYES, that email would have been discarded on the sole base that it is coming from a server whose hostname (both PTR record and HELO hostname) looks like a dynamic one. That IP address is the MX and SPF for northernnetworking.co.uk (and also the MX for a number of other domains as seen at http://www.reversemx.com/mxip/92.60.123.131/), all genuine AFAICT. AFAICT, "vps" stands for "virtual private server" at the webfusion hosting company, the IP address is not dynamic. But even if it were, wouldn't that score be a bit excessive? Aren't FH_HELO_EQ_D_D_D_D and HELO_DYNAMIC_IPADDR redundant/overlapping? -- Kevin A. McGrail President Peregrine Computer Consultants Corporation 3927 Old Lee Highway, Suite 102-C Fairfax, VA 22030-2422 http://www.pccc.com/ 703-359-9700 x50 / 800-823-8402 (Toll-Free) 703-359-8451 (fax) kmcgr...@pccc.com