Hi. The FAKED_IP_IN_RCVD rule in v2.55 coming with the SuSE distribution reads:
header FAKED_IP_IN_RCVD Received =~ /from [-0-9a-z\._]+_\[\d+\.\d+\.\d+\.\d+\] /i I thought this was supposed to catch lines like this: Received: from mx249.Bluebird9.us (unknown [203.208.248.249]) which is the standard second Received line as written by Postfix (also coming with SuSE). The first Received line reads: Received: from localhost (localhost [127.0.0.1]) This test is an important test (2.9 points in local configuration), but it never gets triggered, obviously, because of the underscore following the + sign in the rule and the paranthesis in the Received line. I don't understand: 1. Do I misinterpret the purpose of this rule? 2. Or, is the rule written for a different MTA (like Sendmail) and it wasn't properly adapted for Postfix? 3. ? Can you give me an idea? Thanks a lot. Laura Palmer
