Hi,
__HELO_NOT_RDNS is defined as

  header __HELO_NOT_RDNS X-Spam-Relays-External =~ /^[^\]]+ rdns=(\S+) helo=(?!(?i)\1)\S/

and it hits on FPs.

  Apr 16 11:02:44.414 [17868] dbg: rules: ran header rule __HELO_NOT_RDNS ======> got hit: "[ ip=52.100.155.200 rdns=mail-bn7nam10hn2200.outbound.protection.outlook.com helo=N"

This hits with this "Spam-Relays-External" meta-header:

  Apr 16 11:02:41.469 [17868] dbg: metadata: X-Spam-Relays-External: [ ip=52.100.155.200 rdns=mail-bn7nam10hn2200.outbound.protection.outlook.com helo=NAM10-BN7-obe.outbound.protection.outlook.com by=srv.example.com ident= envfrom=t...@example.org intl=0 id=53ELtBrS2119884 auth= msa=0 ] [ ip=2603:10b6:208:1f1::16 rdns=MN2PR19MB3808.namprd19.prod.outlook.com helo=MN2PR19MB3808.namprd19.prod.outlook.com by=CY5PR19MB6145.namprd19.prod.outlook.com ident= envfrom= intl=0 id=15.20.8632.31 auth= msa=0 ] [ ip=fe80::5291:d44b:4707:cb51 rdns= helo=MN2PR19MB3808.namprd19.prod.outlook.com by=MN2PR19MB3808.namprd19.prod.outlook.com ident= envfrom= intl=0 id= auth= msa=0 ]

Any hints about how to improve the regexp?

Thanks
 Giovanni
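An added example, not part of the original post and not SpamAssassin code: a Python translation of the rule's pattern run over a shortened copy of the relay header quoted above, showing that only the first relay entry is tested and how many trailing DNS labels its rdns and helo share. The names `first_relay_mismatch` and `common_suffix_labels` are hypothetical helpers, and the label count is a diagnostic, not a proposed rule.

```python
import re

# Python translation of the rule's Perl pattern. Python rejects a mid-pattern
# (?i), so the back-reference is scoped as (?i:\1); the trailing \S is widened
# to (\S+) only so the helo value can be captured for display.
HELO_NOT_RDNS = re.compile(r'^[^\]]+ rdns=(\S+) helo=(?!(?i:\1))(\S+)')

# Constructed sample: first two relay entries from the post, envfrom omitted.
SAMPLE = (
    "[ ip=52.100.155.200 "
    "rdns=mail-bn7nam10hn2200.outbound.protection.outlook.com "
    "helo=NAM10-BN7-obe.outbound.protection.outlook.com by=srv.example.com "
    "ident= intl=0 id=53ELtBrS2119884 auth= msa=0 ] "
    "[ ip=2603:10b6:208:1f1::16 rdns=MN2PR19MB3808.namprd19.prod.outlook.com "
    "helo=MN2PR19MB3808.namprd19.prod.outlook.com "
    "by=CY5PR19MB6145.namprd19.prod.outlook.com ident= intl=0 "
    "id=15.20.8632.31 auth= msa=0 ]"
)

def first_relay_mismatch(header):
    """Return (rdns, helo) when the pattern hits, else None.

    [^\\]]+ cannot cross a ']', so only the first relay entry is examined.
    An empty rdns= never hits because (\\S+) needs at least one character.
    """
    m = HELO_NOT_RDNS.search(header)
    return (m.group(1), m.group(2)) if m else None

def common_suffix_labels(a, b):
    """Count trailing DNS labels shared by two names, ignoring case."""
    count = 0
    pairs = zip(reversed(a.lower().split('.')), reversed(b.lower().split('.')))
    for left, right in pairs:
        if left != right:
            break
        count += 1
    return count

if __name__ == "__main__":
    hit = first_relay_mismatch(SAMPLE)
    if hit:
        rdns, helo = hit
        print("hit on first relay:", rdns, "vs", helo)
        print("shared trailing labels:", common_suffix_labels(rdns, helo))
```
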