On Fri, 2010-03-12 at 22:57 +0000, Christian Gregoire wrote:
> Using SA 3.3.0. Any reason why RDNS_NONE now scores 1.3, when it was
> down to 0.1 with the previous releases?

The score was pretty much informational only previously and arbitrarily
set. The current score is what the mass-checks and GA result in.

> The below headers trigger the rule only because the remote LAN SMTP
> client, with IP 10.10.3.3, has no rDNS.
>
> Received: from my.public.name ([<public_IP>] helo=john.fr)
>     by mymta.fr with esmtps (TLSv1:AES256-SHA:256)
>     id 1NowHH-0003o7-ED
>     for m...@address.fr; Tue, 09 Mar 2010 11:03:03 +0100
> Received: from exim by john.fr with spamout-scanned-ok id 1NowHG-00054b-TU
>     for m...@address.fr; Tue, 09 Mar 2010 11:03:02 +0100
> Received: from [10.10.3.4] (helo=MYPC)
>     by john.fr with esmtp id 1NowHD-00054Q-SY
>     for m...@address.fr; Tue, 09 Mar 2010 11:03:02 +0100
>
> I'd rather say, for example, 1.3 for the last gateway, and 0.1 for the
> others.

I guess you need to correct your trusted and internal networks. The rule
does not deep parse, and never has.

  header   __RDNS_NONE  X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns= /
  describe RDNS_NONE    Delivered to trusted network by a host with no rDNS

That host with an IP in a private, reserved range (the originating IP,
running the MUA?) delivered directly to your MX, as it seems...

-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
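
Added example (not part of the original message and not SpamAssassin's own code): a small Python model of why the quoted __RDNS_NONE pattern only ever inspects the first untrusted relay, and how the trusted_networks setting decides which relay that is. The relay chain, the example IPs and host names, the abbreviated pseudo-header fields and the simplified trust walk are all assumptions made for illustration.

```python
import ipaddress
import re

# The __RDNS_NONE pattern quoted in the reply, in Python syntax.
# [^\]]+ cannot cross a "]", so only the first bracketed relay is examined.
RDNS_NONE = re.compile(r'^[^\]]+ rdns= ')

# Constructed relay chain, newest hop first (not taken from a real message).
RELAYS = [
    {"ip": "192.0.2.10", "rdns": "gw.example.net",
     "helo": "gw.example.net", "by": "mx.example.org"},
    {"ip": "10.10.3.4", "rdns": "", "helo": "MYPC", "by": "gw.example.net"},
]


def untrusted_relays(relays, trusted_networks):
    """Simplified trust walk (assumption): hops are trusted from the top
    until the first IP outside trusted_networks; the rest are untrusted."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for i, hop in enumerate(relays):
        ip = ipaddress.ip_address(hop["ip"])
        if not any(ip in net for net in nets):
            return relays[i:]
    return []


def pseudo_header(relays):
    """Render relays like X-Spam-Relays-Untrusted (fields abbreviated)."""
    return " ".join(
        "[ ip={ip} rdns={rdns} helo={helo} by={by} ]".format(**hop)
        for hop in relays
    )


def rdns_none_hits(relays, trusted_networks):
    """True if the pattern matches the rendered untrusted-relay list."""
    header = pseudo_header(untrusted_relays(relays, trusted_networks))
    return bool(RDNS_NONE.search(header))


if __name__ == "__main__":
    for trusted in ([], ["192.0.2.10/32"], ["192.0.2.10/32", "10.10.3.0/24"]):
        print(trusted, "->", rdns_none_hits(RELAYS, trusted))
```

With nothing trusted, the gateway (which has rDNS) is the first untrusted relay and the rule stays silent even though a deeper hop lacks rDNS; trusting only the gateway makes the LAN client the first untrusted relay and the rule fires.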