Hi,
MSGID_RANDY is firing on hams from chtah.net during the last couple
days, with a not insignificant score of 2.599.
Here is the current rule:
20_head_tests.cf:header __MSGID_RANDY Message-ID =~
/<[a-z\d][a-z\d\$-]{10,29}[a-z\d]\@[a-z\d][a-z\d.]{3,12}[a-z\d]>/
20_head_tests.cf:meta MSGID_RANDY (__MSGID_RANDY &&
!(__MSGID_OK_HEX || __MSGID_OK_DIGITS || __MSGID_OK_HOST))
20_head_tests.cf:describe MSGID_RANDY Message-Id has pattern
used in spam
and here are a couple example Message-ID headers from HAM that are
hitting this rule:
Message-Id: <b7qwr9cbxdhe9jau5utqqbw87j9...@ebm6.chtah.net>
Message-Id: <b7qf3mybxcutyyauw8y51qcayr9...@ebm5.chtah.net>
Perhaps these can be used to help tweak the rule not to fire on these
FPs, or perhaps we just need some HAM from chtah.net in the corpus to
moderate the scoring?
Both HAMs were of the type "your online statement/bill is ready", one
from Barclaycard and the other from Vodafone. I'm not able to share them
- sorry.
Anyway, just passing it along as this isn't a rule that's been on my
radar before the last week.
