MSGID_RANDY is firing on hams from chtah.net

[Ned Slider <ne...@unixmail.co.uk>]

Hi,

MSGID_RANDY is firing on hams from chtah.net during the last couple 
days, with a not insignificant score of 2.599.

Here is the current rule:

20_head_tests.cf:header __MSGID_RANDY           Message-ID =~ 
/<[a-z\d][a-z\d\$-]{10,29}[a-z\d]\@[a-z\d][a-z\d.]{3,12}[a-z\d]>/
20_head_tests.cf:meta MSGID_RANDY       (__MSGID_RANDY && 
!(__MSGID_OK_HEX || __MSGID_OK_DIGITS || __MSGID_OK_HOST))
20_head_tests.cf:describe MSGID_RANDY           Message-Id has pattern 
used in spam

and here are a couple example Message-ID headers from HAM that are 
hitting this rule:

Message-Id: <b7...@ebm6.chtah.net>
Message-Id: <b7...@ebm5.chtah.net>

Perhaps these can be used to help tweak the rule not to fire on these 
FPs, or perhaps we just need some HAM from chtah.net in the corpus to 
moderate the scoring?

Both HAMs were of the type "your online statement/bill is ready", one 
from Barclaycard and the other from Vodafone. I'm not able to share them 
- sorry.

Anyway, just passing it along as this isn't a rule that's been on my 
radar before the last week.