On 4/17/25 3:23 AM, John Hardin wrote:
On Wed, 16 Apr 2025, Giovanni Bechis wrote:Hi, __HELO_NOT_RDNS is defined as header __HELO_NOT_RDNS X-Spam-Relays-External =~ /^[^\]]+ rdns=(\S+) helo=(?!(?i)\1)\S/ and it hits on a FPs. Apr 16 11:02:44.414 [17868] dbg: rules: ran header rule __HELO_NOT_RDNS ======> got hit: "[ ip=52.100.155.200 rdns=mail-bn7nam10hn2200.outbound.protection.outlook.com helo=N"It's intended to hit when the HELO isn't the sames as the rdns.
then Microsoft has some rdns issues. I am going to lower some scores locally until Microsoft fixes their setup. Thanks Giovanni
Apr 16 11:02:41.469 [17868] dbg: metadata: X-Spam-Relays-External: [ ip=52.100.155.200 rdns=mail-bn7nam10hn2200.outbound.protection.outlook.com helo=NAM10-BN7-obe.outbound.protection.outlook.com by=srv.example.com ident=helo=NAM10-BN... does not match rdns=mail-bn7... It appears to me to be working as designed. A failure would be a hit on a header with a *matching* HELO: helo=mail-bn7nam10hn2200.outbound.protection.outlook.com
OpenPGP_signature.asc
Description: OpenPGP digital signature
