https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7292
RW <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #2 from RW <[email protected]> ---
A couple of points:

1) Rather than using && !ALL_TRUSTED in FSL_HELO_BARE_IP_2, it would be better to only check untrusted relays in __FSL_HELO_BARE_IP_2 since this eliminates other kinds of FP as well.

FSL_HELO_BARE_IP_1 may benefit from the all-trusted test, and because it's a last-external check it could also benefit from an "auth= " check.

So:

meta FSL_HELO_BARE_IP_1 __FSL_HELO_BARE_IP_1 && !ALL_TRUSTED
meta FSL_HELO_BARE_IP_2 __FSL_HELO_BARE_IP_2 && !FSL_HELO_BARE_IP_1 && !__VIA_ML && !__HAS_ERRORS_TO

header __FSL_HELO_BARE_IP_1 X-Spam-Relays-External =~ /^[^\]]+ helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} [^\]]*auth= /i
header __FSL_HELO_BARE_IP_2 X-Spam-Relays-Untrusted =~ /helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} /i

2) I notice that there is a comment:

# score limit due to partial overlap with RCVD_NUMERIC_HELO

I had a look at RCVD_NUMERIC_HELO and, despite the name and possibly the intent, it's a test on HELO bare IP addresses in the untrusted networks. It's a duplicate of the modified version of __FSL_HELO_BARE_IP_2 I quoted above. I think it should go.
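An added example, not part of the comment above or of the SpamAssassin rule set: a small Python harness that runs the two proposed header patterns and meta expressions over relay metadata, to show which cases each rule covers. The relay strings are constructed samples in the X-Spam-Relays-* layout, `relay` and `evaluate` are hypothetical helpers, and ALL_TRUSTED, __VIA_ML and __HAS_ERRORS_TO are assumed to be computed elsewhere and are passed in as booleans.

```python
import re

# Patterns from the comment above; these constructs behave the same in Python's re.
LAST_EXTERNAL = re.compile(
    r"^[^\]]+ helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} [^\]]*auth= ", re.I)
ANY_UNTRUSTED = re.compile(
    r"helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} ", re.I)


def relay(ip, helo, auth=""):
    """Hypothetical helper: one constructed relay entry (newest relay goes first)."""
    return (f"[ ip={ip} rdns= helo={helo} by=mx.example.net ident= "
            f"envfrom= intl=0 id=ABC123 auth={auth} msa=0 ]")


def evaluate(external, untrusted, all_trusted=False, via_ml=False,
             has_errors_to=False):
    """Apply the two sub-rules and the two meta expressions from the comment."""
    sub1 = bool(LAST_EXTERNAL.search(external))   # __FSL_HELO_BARE_IP_1
    sub2 = bool(ANY_UNTRUSTED.search(untrusted))  # __FSL_HELO_BARE_IP_2
    rule1 = sub1 and not all_trusted
    rule2 = sub2 and not rule1 and not via_ml and not has_errors_to
    return {"FSL_HELO_BARE_IP_1": rule1, "FSL_HELO_BARE_IP_2": rule2}


# Constructed samples using documentation address ranges, not real mail.
BARE = relay("203.0.113.5", "203.0.113.5")                    # bare IP, auth empty
AUTHED = relay("203.0.113.5", "203.0.113.5", auth="ESMTPA")   # bare IP, authenticated
DEEPER = (relay("192.0.2.10", "mail.example.org") + " "
          + relay("198.51.100.7", "198.51.100.7"))            # bare IP one hop back
LOOPBACK = relay("192.0.2.10", "127.0.0.1")                   # excluded by (?!127)
HOSTLIKE = relay("192.0.2.10", "10.0.0.1.example.org")        # hostname with IP prefix

if __name__ == "__main__":
    cases = {
        "bare IP at last external": (BARE, BARE),
        "authenticated, no untrusted relays": (AUTHED, ""),
        "bare IP deeper in the chain": (DEEPER, DEEPER),
        "loopback HELO": (LOOPBACK, LOOPBACK),
        "hostname starting with an IP": (HOSTLIKE, HOSTLIKE),
    }
    for name, (ext, unt) in cases.items():
        hits = [rule for rule, hit in evaluate(ext, unt).items() if hit]
        print(f"{name}: {hits or 'no hit'}")
```

The `[^\]]` class keeps the first pattern inside the first bracketed entry, which is what makes it a last-external check, and the trailing space after the fourth octet is what rejects a hostname that merely begins with an IP address.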
