Posted to users@spamassassin.apache.org by Niamh Holding <ni...@fullbore.co.uk> on 2012/12/02 15:29:01 UTC

HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham

Hello


X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
        mail.redbus.holtain.net
X-Spam-Flag: YES
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.2 required=4.5 autolearn=no
X-Spam-Report: 
        *  3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
        *       2)
        *  3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
        *      IP)
        * -0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
        * -2.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
        *      [score: 0.0000]
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
        *  0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
        *  0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
        *  1.0 RDNS_DYNAMIC Delivered to internal network by host with
        *      dynamic-looking rDNS
        *  0.0 T_REMOTE_IMAGE Message contains an external image
X-Spam-Relays-Untrusted: [ ip=159.253.211.188
        rdns=159.253.211.188.srvlist.ukfast.net
        helo=159.253.211.188.srvlist.ukfast.net by=mail.redbus.holtain.net ident=
        envfrom= intl=0 id= auth= msa=0 ] [ ip=159.253.211.188 rdns= helo= by= ident=
        envfrom= intl=0 id= auth= msa=0 ]
X-Spam-Language: en
X-Spam-DKIM-i: 
X-Spam-DKIM-d: 
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_50BB4CB1.94D30094"
-- 
Best regards,
 Niamh                          mailto:niamh@fullbore.co.uk
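The report above, re-scored under the three remedies raised in the replies to this post (remove one rule, lower both scores, or add a balancing meta). This is an added example, not part of any poster's message or of SpamAssassin itself; the lowered score of 2.0 and the meta name LOCAL_HELO_DYN_OVERLAP are assumptions for illustration.

```python
import re

# Rule lines copied from the X-Spam-Report header above, folded lines included.
REPORT = """\
*  3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
*       2)
*  3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
*      IP)
* -0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
* -2.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
*      [score: 0.0000]
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
*  0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
*  1.0 RDNS_DYNAMIC Delivered to internal network by host with
*      dynamic-looking rDNS
*  0.0 T_REMOTE_IMAGE Message contains an external image
"""
REQUIRED = 4.5  # "required=4.5" in the X-Spam-Status header of the same post
PAIR = ("HELO_DYNAMIC_IPADDR2", "HELO_DYNAMIC_SPLIT_IP")
RULE_LINE = re.compile(r"^\*\s+(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\b")

def parse_report(text):
    """Return {rule: score}; continuation lines carry no score and are skipped."""
    hits = {}
    for line in text.splitlines():
        m = RULE_LINE.match(line.strip())
        if m:
            hits[m.group(2)] = float(m.group(1))
    return hits

def total(hits):
    return round(sum(hits.values()), 1)

def what_if(hits):
    """Message score under each remedy named in the thread."""
    both = all(r in hits for r in PAIR)
    return {
        "as_scored": total(hits),
        # 1. remove one of the two overlapping rules
        "remove_one": total({k: v for k, v in hits.items() if k != PAIR[1]}),
        # 2. lower both scores (2.0 each is an assumed value)
        "lower_both": total({k: (2.0 if k in PAIR else v) for k, v in hits.items()}),
        # 3. compensating meta (assumed name) that fires only when both hit
        #    and gives back the smaller score, so the pair counts once
        "meta_offset": total({**hits, "LOCAL_HELO_DYN_OVERLAP":
                              -min(hits[r] for r in PAIR) if both else 0.0}),
    }
```

On this message each remedy brings the total under the required 4.5; the meta differs from removing a rule in that a message hitting only one of the pair keeps that rule's full score.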

Re: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Kevin,

Monday, December 10, 2012, 2:39:39 PM, you wrote:

KAM> Doesn't matter really.  Whomever has the sample?

Done and 2 samples attached to the report.

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 12/10/2012 9:37 AM, Niamh Holding wrote:
> Hello Kevin,
>
> Monday, December 10, 2012, 2:25:06 PM, you wrote:
>
> KAM> Can you open a bug please?
>
> Me, or Matus?
>
Doesn't matter really.  Whomever has the sample?

Re: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Kevin,

Monday, December 10, 2012, 2:25:06 PM, you wrote:

KAM> Can you open a bug please?

Me, or Matus?

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 12/16/2012 1:00 PM, Matus UHLAR - fantomas wrote:
>
> On 10.12.12 09:25, Kevin A. McGrail wrote:
>> Interesting.  Can you open a bug please? Anyone with a sample issue 
>> please put it on pastebin and add to the bug.
>
> there are already multiple bugs open for these issues... 5143, 5664 
> ... for
> example.  There seem to be way too many rules trying to catch dynamic,
> generic or other HELO strings, and when multiple of them hit, it most
> probably causes.  I don't feel I (we) should submit another one if 
> these are
> not being worked on...
>
If you want to pick the one closest to the issue and add samples, I'll 
see what I can do to look at it for false positives.

Re: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>>On 02.12.12 14:29, Niamh Holding wrote:
>>>Subject: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham
>>
>>>X-Spam-Report:
>>>       *  3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious 
>>>hostname (IP addr
>>>       *       2)
>>>       *  3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious 
>>>hostname (Split
>>>       *      IP)

>On 12/9/2012 10:17 AM, Matus UHLAR - fantomas wrote:
>>...again two rules designed the same kind of behavior.
>>one should be removed, score of both lowered or a meta constructed to
>>balance...

On 10.12.12 09:25, Kevin A. McGrail wrote:
>Interesting.  Can you open a bug please?  Anyone with a sample issue 
>please put it on pastebin and add to the bug.

there are already multiple bugs open for these issues... 5143, 5664 ... for
example.  There seem to be way too many rules trying to catch dynamic,
generic or other HELO strings, and when multiple of them hit, it most
probably causes.  I don't feel I (we) should submit another one if these are
not being worked on...



-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Fighting for peace is like fucking for virginity...

Re: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 12/9/2012 10:17 AM, Matus UHLAR - fantomas wrote:
> On 02.12.12 14:29, Niamh Holding wrote:
>> Subject: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham
>
>> X-Spam-Report:
>>        *  3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious 
>> hostname (IP addr
>>        *       2)
>>        *  3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious 
>> hostname (Split
>>        *      IP)
>
> ...again two rules designed the same kind of behavior.
> one should be removed, score of both lowered or a meta constructed to
> balance...

Interesting.  Can you open a bug please?  Anyone with a sample issue 
please put it on pastebin and add to the bug.

regards,
KAM

Re: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 02.12.12 14:29, Niamh Holding wrote:
>Subject: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham

>X-Spam-Report:
>        *  3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
>        *       2)
>        *  3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
>        *      IP)

...again two rules designed the same kind of behavior.
one should be removed, score of both lowered or a meta constructed to
balance...


-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler