KMcGrail at PCCC
Mar 28, 2012, 8:36 AM
Post #2 of 6
(391 views)
Permalink
|
I believe
FH_HELO_EQ_D_D_D_D
is already being removed
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6778
Regards,
KAM
On 3/27/2012 11:08 AM, Stephane Chazelas wrote:
> Hello, we've had a false positive reported for those headers:
>
> Return-Path:<...@northernnetworking.co.uk>
> X-Spam-Flag: YES
> X-Spam-Score: 3.679
> X-Spam-Level: ***
> X-Spam-Status: Yes, score=3.679 tagged_above=0 required=3.1
> tests=[BAYES_00=-3.599, DYN_RDNS_AND_INLINE_IMAGE=1.168,
> FH_HELO_EQ_D_D_D_D=3.177, HELO_DYNAMIC_IPADDR=1.951,
> HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.982, SPF_PASS=-0.001] autolearn=no
> [...]
> Received: from lvps92-60-123-131.vps.webfusion.co.uk (lvps92-60-123-131.vps.webfusion.co.uk [92.60.123.131])
> [...]
>
>
> Without BAYES, that email would have been discarded on the sole
> base that it is coming from a server whose hostname (both PTR
> record and HELO hostname) looks like a dynamic one.
>
> That IP address is the MX and SPF for northernnetworking.co.uk
> (and also the MX for a number of other domains as seen at
> http://www.reversemx.com/mxip/92.60.123.131/), all genuine
> AFAICT.
>
> AFAICT, "vps" stands for "virtual private server" at the
> webfusion hosting company, the IP address is not dynamic.
>
> But even if it were, wouldn't that score be a bit excessive?
> Aren't FH_HELO_EQ_D_D_D_D and HELO_DYNAMIC_IPADDR
> redundant/overlapping?
>
--
*Kevin A. McGrail*
President
Peregrine Computer Consultants Corporation
3927 Old Lee Highway, Suite 102-C
Fairfax, VA 22030-2422
http://www.pccc.com/
703-359-9700 x50 / 800-823-8402 (Toll-Free)
703-359-8451 (fax)
KMcGrail [at] PCCC <mailto:kmcgrail [at] pccc>
|
pccc_logo.gif
