You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by Apache Wiki <wi...@apache.org> on 2011/09/09 15:15:55 UTC

[Spamassassin Wiki] Update of "Rules/TVD_RCVD_IP" by LeeMaguire

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Spamassassin Wiki" for change notification.

The "Rules/TVD_RCVD_IP" page has been changed by LeeMaguire:
http://wiki.apache.org/spamassassin/Rules/TVD_RCVD_IP?action=diff&rev1=4&rev2=5

Comment:
Update with explanation

- TVD RCVD IP 
+ #language en
+ == SpamAssassin Rule: TVD_RCVD_IP ==
  
-    `Received =~ /^from\s+(?:\d+[^0-9a-zA-Z\s]){3}\d+[.\s]/ `
+ ''Standard description:'' None
  
-   from    one or more whitespaces  
-                
-                     :  digit     not  a number or letter  whitespace  (three of those)  
-  
+ === Explanation ===
+ 
+ Checks if the most recently addded Recieved: header begins with "from " followed by a hostname that consists of four groups of digits separated by non-alphanumeric characters (e.g. "." or "-").
+ 
+ This is usually an indication that the hostname is derieved from a public or private IPv4 address scheme.  Since these types of addresses are commonly distrubuted to end users rather than mail servers they are often seen in spam sent directly from end user hosts.
+ 
  For example:
  
- Received: from 212-98-43-121.static.adslpremium.ch ([212.98.43.121]:3607 helo=xtqq.adslpremium.ch)
+  {{{Received: from 212-98-43-121.static.adslpremium.ch ([212.98.43.121]:3607 helo=xtqq.adslpremium.ch)}}}
  
+  {{{Received: from 68.207.230.213.client.lchost.net ([213.230.207.68] helo=smtp.fifambeie.co.uk)}}}
  
- ---- can somebody help me out here --
+ On servers that also act as smarthosts for machines usually matching this pattern, this rule should be switched off.
  
+ === Further Info ===
+ The default scores for this rule can be found [[http://spamassassin.apache.org/tests.html|in the online list of tests]].
+ 
+ Note: this rule (and [[Rules/TVD_RCVD_IP4|TVD_RCVD_IP4]]) will also match IPv4 addresses not enclosed in square brackets. This is an implementation error in your mail server software, as IP addresses should be enclosed in brackets. See [[http://tools.ietf.org/html/rfc5321#section-4.1.2|RFC 5321 §4.1.2]].
+ 
+ ----
+ CategoryRule
+