header __HELO_NO_DOMAIN X-Spam-Relays-External =~ /^[^\]]+ helo=[^\.]+ / header FSL_HELO_NON_FQDN_1 X-Spam-Relays-External =~ /^[^\]]+ helo=[a-zA-Z0-9-_]+ /i score FSL_HELO_NON_FQDN_1 2.361 0.001 1.783 0.001 # (note that no FSL_* rule has a description)
http://ruleqa.spamassassin.org/?rule=/HELO_NON_FQDN_1|__HELO_NO_DOM These rules are virtually identical. Sometimes one out-performs the other by an insignificant margin. I thought this was too high a ham% (0.7795 for both) to get a decent score, yet it made it into 3.3.0 scored 2.361 on no-net/no-bayes. To combat that, I refined the rule so as to discount anything that identified as 'localhost' since ruleqa indicated that was a large source of the FPs on the rules. Looks like __HELO_NO_DOMAIN didn't make it into 3.3.0 while FSL_HELO_NON_FQDN_1 did, so my derivative HELO_NO_DOMAIN also failed to make the cut, and it wasn't alone: SPAM% HAM% S/O RANK SCORE NAME 3.5398 0.0056 0.998 0.91 0.00 DYN_RDNS_SHORT_HELO_HTML 15.0445 0.2587 0.983 0.73 1.00 HELO_NO_DOMAIN 0.1007 0.0007 0.994 0.69 1.82 DYN_RDNS_SHORT_HELO_IMAGE 18.9905 0.7795 0.961 0.64 (n/a) __HELO_NO_DOMAIN 18.9711 0.7795 0.961 0.63 2.36 FSL_HELO_NON_FQDN_1 The question: Do we discard __HELO_NO_DOMAIN and rewrite the dependent rules? Is FSL_HELO_NON_FQDN_1 scored too high? Again, HELO_NO_DOMAIN was written to make a non-meta-rule out of that, and I worry that the FSL version has side-stepped that. Thoughts?
