On Fri, 28 Oct 2011, Loic Condette wrote:
I just received a spam which match the following rules:
[DATE_IN_PAST_24_48=1.34, FSL_HELO_NON_FQDN_1=0.001, HELO_NO_DOMAIN=0.001,
RDNS_NONE=0.793, TO_NO_BRKTS_NORDNS=0.001]
The problem here is that I could not find a description for the following
rules...
HELO_NO_DOMAIN
RDNS_NONE
TO_NO_BRKTS_NORDNS
... on http://spamassassin.apache.org/tests_3_3_x.html
So I can't really know what these rules match and tweak their scores.
What's happening? Is SA late on rules descriptions on their website or do
I miss something?
The rules autopromoted from developers' sandboxes do not have
descriptions on the website as they aren't in the base static rule sets,
and some of us {blush} are poor about updating the wiki.
The names try to be descriptive, and most rules do have textual
descriptions available that can be displayed in the message header given
the proper config options.
HELO_NO_DOMAIN: the HELO the client sent is bare, missing a domain part.
RDNS_NONE: no rDNS entry for the last untrusted/external hop.
TO_NO_BRKTS_NORDNS: RDNS_NONE plus the TO address is missing angle
brackets, which are the proper way to format an email address.
Additionally,
FSL_HELO_NON_FQDN_1 description is rather unclear, to say the least.
Heh. That one probably duplicates HELO_NO_DOMAIN. "FDQN" is net-speak for
"Fully-Qualified Domain Name".
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
4 days until Halloween
