On 17 Sep 2015, at 15:35, Ken Johnson wrote:
Spamassassin is run by Exim.
Spamassassin version:
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07)
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:57:07 +0000)
from dpkg: spamassassin 3.4.0-2~bpo70+1
Platform: Debian 7.8
A recent surge in unfiltered spam made me re-examine log files. Every
message I found that generated a log entry like this:
:2015-09-09 07:35:40 1ZZeb1-00053O-Hy SA: Action: scanned but message isn't spam: score=3.7 required=4.0 (scanned in 13/13 secs | Message-Id: ndy1ogi4nmnhyjc3ytu3ymm3mzexyjbhmty0mzy2z...@light.bylawswhippy.com). From <i...@bylawswhippy.com> (host=NULL [45.58.126.146]) for x...@y.com
which included the string "(host=NULL " was a message I could safely
filter out. Or at least, could safely add two or three to the score.
What condition or attribute of received mail corresponds to a log
entry of "host=NULL"?

That precise wording seems to be an artifact of the Exim-SA plumbing
(I've never seen SA itself generate "host=NULL" anywhere I use it) but
based on the context and DNS fact, it would appear to be an indication
that there is no valid hostname discernible for that IP address. In this
specific case, the IP has a PTR record but the name in that PTR record
has no A record confirming the name-IP relationship (or any records at
all.)
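
The condition the reply describes, a PTR record whose name does not resolve back to the connecting IP, is what a forward-confirmed reverse DNS check tests for. The sketch below is an added example, not part of the original thread and not Exim or sa-exim code; the function names and the zone data (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import socket

def _system_ptr(ip):
    """Names the system resolver returns for ip (may also consult /etc/hosts)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:          # herror/gaierror: no reverse mapping
        return []
    return [name, *aliases]

def _system_addrs(name):
    """Addresses the system resolver returns for name (empty list if none)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})

def fcrdns(ip, ptr_lookup=_system_ptr, addr_lookup=_system_addrs):
    """Return (verdict, name); verdict is 'no-ptr', 'unconfirmed' or 'confirmed'.

    'unconfirmed' is the case from the reply: a PTR record exists, but no
    name in it resolves back to the connecting address.
    """
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", None
    want = ipaddress.ip_address(ip)
    for name in names:
        if want in {ipaddress.ip_address(a) for a in addr_lookup(name)}:
            return "confirmed", name.rstrip(".").lower()
    return "unconfirmed", None

# Constructed zone data, not taken from the thread.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.20": ["light.example.net."],  # PTR exists, name has no A record
    "192.0.2.30": ["spoof.example.com."],  # PTR exists, A points elsewhere
}
A = {"mail.example.org.": ["192.0.2.10"], "spoof.example.com.": ["198.51.100.7"]}

def demo():
    ips = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"]
    return {ip: fcrdns(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, []))[0]
            for ip in ips}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```

Calling `fcrdns(ip)` without the lookup arguments uses the system resolver, so the result then depends on the host's resolver configuration.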