Question concerning RCVD_NUMERIC_HELO
The rule in the distribution rule set is:
header RCVD_NUMERIC_HELO Received =~ /helo[= ]\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/i
describe RCVD_NUMERIC_HELO Received: contains a numeric HELO
I've recently added the following rule to my personal rule set:
header RM_hr_HeloIP Received =~ /helo=\[(?:\d{1,3}\.){3}\d{1,3}\]/
describe RM_hr_HeloIP Spam passed through apparent spammer relay
score RM_hr_HeloIP 0.500 #
These are identical, except that mine includes square brackets around
an IP address, and the distribution rule does not.
Is there a reason the square brackets were left out of the
distribution rule set?
Would the distribution rule hit more spam if it were coded as follows
(adding just the opening square bracket as an option)?
header RCVD_NUMERIC_HELO Received =~ /helo[= \[]\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/i
Bob Menschel
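
An added example, not part of the original message: the three patterns from the post, run against constructed Received header values to show which HELO forms each one matches. The space inside `[= ]` is assumed (the archived message wraps at that position), the sample headers are constructed, and OPTIONAL_BRACKET is a hypothetical fourth variant that is not from the post.

```python
import re

# Patterns as given in the post. The space inside [= ] is an assumption:
# the archived message wraps the line at exactly that position.
RULES = {
    "RCVD_NUMERIC_HELO": re.compile(
        r"helo[= ]\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b", re.I),
    "RM_hr_HeloIP": re.compile(r"helo=\[(?:\d{1,3}\.){3}\d{1,3}\]"),
    "PROPOSED": re.compile(
        r"helo[= \[]\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b", re.I),
    # Hypothetical variant, not from the post: the bracket is an optional
    # extra character after the separator, not an alternative separator.
    "OPTIONAL_BRACKET": re.compile(
        r"helo[= ]\[?\d{1,3}(?:\.\d{1,3}){3}\b", re.I),
}

# Constructed Received header values (documentation address ranges).
SAMPLES = {
    "bare": "from [192.0.2.10] (helo=198.51.100.7) by mx.example.net with smtp",
    "bracketed": "from [192.0.2.10] (helo=[198.51.100.7]) by mx.example.net with esmtp",
    "upper_space": "from unknown (HELO 198.51.100.7) (192.0.2.10) by mx.example.net with SMTP",
    "upper_bracketed": "from unknown (HELO [198.51.100.7]) (192.0.2.10) by mx.example.net with SMTP",
    "hostname": "from mail.example.org (helo=mail.example.org) by mx.example.net with esmtp",
}


def hits(header):
    """Return the sorted names of the rules whose pattern matches header."""
    return sorted(name for name, rx in RULES.items() if rx.search(header))


if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(f"{label:16} {hits(header)}")
```

A character class consumes exactly one character, so in PROPOSED the `[` is an alternative to `=` or a space and `helo=[198.51.100.7]` still does not match. Only a pattern that allows the bracket after the separator covers both the bare and the bracketed forms.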