Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2012/12/10 16:42:45 UTC
[Bug 6874] New: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6874
Bug ID: 6874
Summary: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham
Product: Spamassassin
Version: unspecified
Hardware: PC
OS: Windows 7
Status: NEW
Severity: normal
Priority: P2
Component: Rules
Assignee: dev@spamassassin.apache.org
Reporter: niamh@fullbore.co.uk
Classification: Unclassified
Created attachment 5116
--> https://issues.apache.org/SpamAssassin/attachment.cgi?id=5116&action=edit
2 hams that hit the aforementioned rules
mbox with 2 false positives attached.
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mail.redbus.holtain.net
X-Spam-Flag: YES
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.2 required=4.5 autolearn=no
X-Spam-Report:
* 3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
* 3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP)
* -0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
* -2.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
* [score: 0.0000]
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
* 0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
* 1.0 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS
* 0.0 T_REMOTE_IMAGE Message contains an external image
X-Spam-Relays-Untrusted: [ ip=159.253.211.188 rdns=159.253.211.188.srvlist.ukfast.net helo=159.253.211.188.srvlist.ukfast.net by=mail.redbus.holtain.net ident= envfrom= intl=0 id= auth= msa=0 ] [ ip=159.253.211.188 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]
X-Spam-Language: en
X-Spam-DKIM-i:
X-Spam-DKIM-d:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_50BB4CB1.94D30094"
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6874] HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6874
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
--- Comment #1 from Kevin A. McGrail <km...@pccc.com> ---
The overlap for a 7.1 score seems high and unintended. Both of these rules are
in 20_fake_helo_tests.cf.
159.253.211.188.srvlist.ukfast.net shouldn't hit BOTH rules, should it?
Dec 10 14:24:34.676 [8558] dbg: rules: ran header rule HELO_DYNAMIC_IPADDR2 ======> got hit: "[ ip=159.253.211.188 rdns=159.253.211.188.srvlist.ukfast.net helo=159.253.211.188.srvlist.ukfast.net by=mail.redbus.holtain.net ident= envfrom= intl=0 id= auth= "
Dec 10 14:24:34.680 [8558] dbg: rules: ran header rule HELO_DYNAMIC_SPLIT_IP ======> got hit: "[ ip=159.253.211.188 rdns=159.253.211.188.srvlist.ukfast.net helo=159.253.211.188."
So switching one of the rules to a meta testing for the other seems sane for
the moment:
header __HELO_DYNAMIC_IPADDR2 X-Spam-Relays-External =~ /^[^\]]+ helo=\d{1,3}(?:[\Wx_]\d{1,3}){3}[^\d\s][^\s.]*\.\S+\.\S+[^\]]+ auth= /i
meta HELO_DYNAMIC_IPADDR2 (__HELO_DYNAMIC_IPADDR2 && !HELO_DYNAMIC_SPLIT_IP)
describe HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
svn commit -m 'Tweak for bug 6874'
Sending rules/20_fake_helo_tests.cf
Transmitting file data .
Committed revision 1419685.
[root@devel rules]#
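Added example, not part of the original thread and not SpamAssassin's own code: a regression check that runs the sub-rule regex from comment #1 against the relay string from the report and recomputes the score with and without the meta. Assumptions: the regex is evaluated with Python's re instead of Perl, the HELO_DYNAMIC_SPLIT_IP regex is not shown on this page so its hit is passed in as a flag (the debug log above shows it firing), and CONSTRUCTED_RELAY is a made-up sample.

```python
import re

# Sub-rule regex copied from comment #1 (Perl /i becomes re.IGNORECASE).
SUB_IPADDR2 = re.compile(
    r"^[^\]]+ helo=\d{1,3}(?:[\Wx_]\d{1,3}){3}[^\d\s][^\s.]*\.\S+\.\S+[^\]]+ auth= ",
    re.IGNORECASE,
)
# Scores and threshold as printed in the X-Spam-Report / X-Spam-Status above.
SCORES = {
    "HELO_DYNAMIC_IPADDR2": 3.6, "HELO_DYNAMIC_SPLIT_IP": 3.5,
    "RP_MATCHES_RCVD": -0.0, "BAYES_00": -2.0, "HTML_MESSAGE": 0.0,
    "MIME_HTML_ONLY": 0.7, "MIME_QP_LONG_LINE": 0.0,
    "HTML_MIME_NO_HTML_TAG": 0.4, "RDNS_DYNAMIC": 1.0, "T_REMOTE_IMAGE": 0.0,
}
REQUIRED = 4.5
# Rules unrelated to the HELO tests, taken as given from the report.
OTHER_HITS = set(SCORES) - {"HELO_DYNAMIC_IPADDR2", "HELO_DYNAMIC_SPLIT_IP"}

# First relay entry from the report's X-Spam-Relays-Untrusted header.
REPORTED_RELAY = (
    "[ ip=159.253.211.188 rdns=159.253.211.188.srvlist.ukfast.net "
    "helo=159.253.211.188.srvlist.ukfast.net by=mail.redbus.holtain.net "
    "ident= envfrom= intl=0 id= auth= msa=0 ]"
)
# Constructed relay with an ordinary HELO name; the regex should not match it.
CONSTRUCTED_RELAY = (
    "[ ip=192.0.2.25 rdns=mail.example.org helo=mail.example.org "
    "by=mx.example.net ident= envfrom= intl=0 id= auth= msa=0 ]"
)

def hits(relay, split_ip_hit, use_meta):
    """Return the set of rule names that fire for the reported message."""
    sub = SUB_IPADDR2.search(relay) is not None
    fired = set(OTHER_HITS)
    if split_ip_hit:
        fired.add("HELO_DYNAMIC_SPLIT_IP")
    # Old rule: fires whenever the regex matches.
    # New meta: (__HELO_DYNAMIC_IPADDR2 && !HELO_DYNAMIC_SPLIT_IP).
    if sub and not (use_meta and split_ip_hit):
        fired.add("HELO_DYNAMIC_IPADDR2")
    return fired

def score(fired):
    """Sum the printed scores, rounded to one decimal like the report."""
    return round(sum(SCORES[name] for name in fired), 1)

if __name__ == "__main__":
    for use_meta in (False, True):
        total = score(hits(REPORTED_RELAY, split_ip_hit=True, use_meta=use_meta))
        print(f"meta={use_meta}: score={total} spam={total >= REQUIRED}")
```
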