shanew wrote:
I presume detecting forged Received headers was the point of this rule all along, so if we all toss this rule out the window (or adjust to exclude this edge case), aren't we potentially encouraging spammers to "hide" their true networks in the same way?
There is no benefit to spammers (and a likely disservice to them) for forging a non-trustworthy external Received header field and providing some unusual IP address there, and they cannot forge the boundary Received header field inserted by the recipient's own mailer. I can only conclude that a rule like RCVD_ILLEGAL_IP will hit mostly on misconfigured or misguided sending mailers, not primarily on spam.

Reindl Harald wrote:
my "problem" with that rule is that it hits practically no spam but only ham and so it goes in the wrong direction entirely
Most likely.

Mark
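
The trust split described in the reply above, as an added example that is not part of the original thread and not SpamAssassin's code: the topmost Received header, written by the recipient's own mailer, supplies the relay IP worth acting on, while odd addresses in the headers below it are only sender-supplied claims. The host names, the sample message and the UNROUTABLE list are assumptions, and a single inbound hop is assumed.

```python
import email
import ipaddress
import re

# Constructed sample (hypothetical hosts, documentation addresses).
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.recipient.example with ESMTP id abc123; Mon, 1 Jan 2024 10:00:02 +0000
Received: from desktop (unknown [0.0.0.0])
\tby relay.example.net with ESMTP id def456; Mon, 1 Jan 2024 10:00:01 +0000
Received: from [10.1.2.3] by desktop; Mon, 1 Jan 2024 10:00:00 +0000
From: sender@example.net
Subject: constructed sample

body
"""

BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Assumed illustrative set of never-valid source ranges; not SpamAssassin's rule.
UNROUTABLE = [ipaddress.ip_network(n)
              for n in ("0.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")]

def is_odd(ip):
    """True for a malformed dotted quad or an address in UNROUTABLE."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return any(addr in net for net in UNROUTABLE)

def classify(raw, own_mta):
    """Return (boundary_relay_ip, [(depth, ip), ...]) for one raw message.

    The boundary IP comes from the header our own MTA inserted; the list
    holds odd IPs found only in the forgeable headers below it.
    """
    received = email.message_from_string(raw).get_all("Received", [])
    if not received:
        return None, []
    by = BY_RE.search(received[0])
    if not by or by.group(1).lower() != own_mta.lower():
        raise ValueError("topmost Received header was not added by our MTA")
    ips = IP_RE.findall(received[0])
    boundary_ip = ips[0] if ips else None
    flagged = [(depth, ip)
               for depth, value in enumerate(received[1:], start=1)
               for ip in IP_RE.findall(value) if is_odd(ip)]
    return boundary_ip, flagged
```
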