https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6874
Kevin A. McGrail <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from Kevin A. McGrail <[email protected]> --- The overlap for a 7.1 score seems high and unintended. Both of these rules are in 20_fake_helo_tests.cf. 159.253.211.188.srvlist.ukfast.net shouldn't hit BOTH rules, should it? Dec 10 14:24:34.676 [8558] dbg: rules: ran header rule HELO_DYNAMIC_IPADDR2 ======> got hit: "[ ip=159.253.211.188 rdns=159.253.211.188.srvlist.ukfast.net helo=159.253.211.188.srvlist.ukfast.net by=mail.redbus.holtain.net ident= envfrom= intl=0 id= auth= " Dec 10 14:24:34.680 [8558] dbg: rules: ran header rule HELO_DYNAMIC_SPLIT_IP ======> got hit: "[ ip=159.253.211.188 rdns=159.253.211.188.srvlist.ukfast.net helo=159.253.211.188." So switching one of the rules to a meta testing for the other seems sane for the moment: header __HELO_DYNAMIC_IPADDR2 X-Spam-Relays-External =~ /^[^\]]+ helo=\d{1,3}(?:[\Wx_]\d{1,3}){3}[^\d\s][^\s.]*\.\S+\.\S+[^\]]+ auth= /i meta HELO_DYNAMIC_IPADDR2 (__HELO_DYNAMIC_IPADDR2 && !HELO_DYNAMIC_SPLIT_IP) describe HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2) svn commit -m 'Tweak for bug 6874' Sending rules/20_fake_helo_tests.cf Transmitting file data . Committed revision 1419685. [root@devel rules]# -- You are receiving this mail because: You are the assignee for the bug.
