Hi.
The FAKED_IP_IN_RCVD rule in v2.55 coming with the SuSE distribution reads:
<snip>
Can you give me an idea? Thanks a lot.
As a side note, 2.55 is four releases behind the current version of SA (We're on 2.63)
That particular rule remains unchanged in 2.63, but it is a "rare hit". Looking at STATISTICS.txt from 2.63 one can see it's not a common hit in the SA corpus.
OVERALL% SPAM% HAM% S/O RANK SCORE NAME 0.021 0.0316 0.0000 1.000 0.95 2.90 FAKED_IP_IN_RCVD
Yes, that's 0.0316% or 1 in 3,164 spam messages that matches it in the sa development corpus.
Current-spam hit rates may be even lower.
